![]() ![]() In 1999, the CIH virus attempted to manipulate its victim's BIOS, but it had only destructive effects: the BIOS was overwritten, and the computer would no longer boot. The idea of hooking a malicious routine into the BIOS is not new and offers attackers the advantage of keeping hidden from the virus scanner. If the computer doesn't use an Award BIOS, the contaminant simply infects the MBR. Mebromi can also survive a change of hard drive. But even if the drive is cleaned, the whole infection routine is repeated the next time the BIOS module is booted. The next time Windows launches, the malicious code downloads a rootkit to prevent the drive's MBR from being cleaned by a virus scanner. ![]() The next time the system boots, the BIOS extension adds additional code to the hard drive's master boot record (MBR) in order to infect the winlogon.exe / winnt.exe processes on Windows XP and 2003 / Windows 2000 before Windows boots. If so, it uses the CBROM command-line tool to hook its extension into the BIOS. The contaminant, called Mebromi, first checks to see whether the victim's computer uses an Award BIOS. BIOS Trojan Chinese AV vendor 360 has discovered a virus in the wild that makes its home in a computer's BIOS, where it remains hidden from conventional virus scanners.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |