Mebromi: Here comes the first BIOS rootkit

Discussion in 'Security and Viruses' started by linked, Sep 15, 2011.

  1. linked

    linked New Member

    Mebromi is the first BIOS rootkit in the wild. Here is the complete article.

    How do we protect our computer systems now? :eek:
     

  2. sm1

    sm1 Notable Member

    As said in the article, the virus cannot infect our system with limited privileges. So either use a limited/standard user account or don't hastily allow all UAC prompts :)
     
  3. hellnoire

    hellnoire *nix Technical Support

    Indeed.

    Also, weren't there other BIOS rootkits before? Or were they just MBR and my mind's playing tricks on me?
     
  4. linked

    linked New Member

    Indeed, I guess that's the only way left to be protected. :)

    ---------- Post added at 03:33 AM ---------- Previous post was at 03:27 AM ----------

    Dunno if I have heard about any BIOS rootkits before. But the article mentions a proof of concept, "IceLord". :unsure00:

    The article does mention the CIH/Chernobyl infection, the infamous virus discovered in 1998 that was able to flash the motherboard BIOS, erasing it. :shocking:
     
  5. hellnoire

    hellnoire *nix Technical Support

    I remember reading about Chernobyl/CIH when I was first playing SiN 1, seeing as one of the mirrors of the demo had a virus on it and no one knew of it. I was lucky enough not to get it then. And that might have been what I was thinking, a proof of concept one.
     
  6. Bearcat

    Bearcat Prominent Member

    Thanks for the heads up, linked. I wasn't aware of the existence of Mebromi and now I will stay alert for it. :mad:
     
  7. Raymond

    Raymond Administrator

    If the Mebromi rootkit is stable, then the coder must be really good at it.
    The fact is it's not easy, and very rarely do people know how to code a BIOS rootkit.
     
  8. tejaswi

    tejaswi Member

    I hope KIS has something in its arsenal to fight this Mebromi.... I have only 16 days left before I buy a new subscription / win one here :D
     
  9. leofelix

    leofelix Distinguished Member

    Thank you.
    Once, Award BIOS had an antivirus inside (Trend Micro PC Cillin).
    Some motherboards have a backup BIOS.
    In regards to previous malware targeting BIOS, you may like to read here.
     
  10. Bearcat

    Bearcat Prominent Member

    Thanks for the additional information Leo.
     
