Trojan.Mebromi is able to infect the BIOS

Every day the threat posed by malware grows greater. A recently discovered trojan known as Trojan.Mebromi is able to flash itself to the BIOS of an infected computer. So far it can only infect Award BIOS systems. Similar malware has been developed before: CIH, last seen in the 1990s, but it only corrupted the BIOS rather than hiding in it.

When you turn on your computer, the BIOS loads the operating system, among other things. Mebromi alters the MBR (master boot record) of the system, which allows it to run its commands at startup, before the OS. Upon booting, it infects the system and downloads malicious files. This creates a big challenge for anti-virus developers: even if their scanners find the virus and remove it, they don't detect the copy located in the BIOS. So when the user turns their computer on again, it re-installs itself onto the system.

So far the only way to remove it from your system is by flashing the BIOS. Flashing the BIOS is a very delicate procedure that could brick your system in the worst-case scenario, so anti-virus developers are hesitant to do anything that could modify the BIOS in any way, preferring to leave it up to the developers of the BIOS.
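The MBR change and reinfection on reboot described above can at least be observed from the disk side. The following is an added example, not code from the original post: it compares a 512-byte MBR dump against a known-good baseline and reports whether the boot code or the partition table changed. It assumes sector 0 has already been dumped to bytes from trusted boot media; the function names and sample sectors are constructed for illustration, and it does not inspect the BIOS itself.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446           # bytes 0..445: bootstrap code
PART_ENTRY_LEN = 16           # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR sector into a boot code hash and partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR sector must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = BOOT_CODE_LEN + i * PART_ENTRY_LEN
        entry = sector[off:off + PART_ENTRY_LEN]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype != 0:  # type 0 means the slot is unused
            parts.append((i, status == 0x80, ptype, lba_start, sectors))
    digest = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    return {"boot_code_sha256": digest, "partitions": parts}


def compare_to_baseline(baseline: bytes, current: bytes) -> list:
    """Return findings describing how `current` differs from `baseline`."""
    old, new = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if old["boot_code_sha256"] != new["boot_code_sha256"]:
        findings.append("boot code changed")
    if old["partitions"] != new["partitions"]:
        findings.append("partition table changed")
    return findings


def make_sample_sector(code_fill: int) -> bytes:
    """Constructed sample: filler boot code plus one bootable partition."""
    entry = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 2048, 409600)
    return bytes([code_fill]) * BOOT_CODE_LEN + entry + bytes(48) + BOOT_SIGNATURE


if __name__ == "__main__":
    clean = make_sample_sector(0x90)       # baseline from a known-good system
    after_boot = make_sample_sector(0xCC)  # same disk, boot code rewritten
    print(compare_to_baseline(clean, clean))
    print(compare_to_baseline(clean, after_boot))
```

A boot-code change that comes back after the disk has been cleaned is what the BIOS-resident reinfection looks like from the MBR side.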

For further reading:
http://www.theregister.co.uk/2011/09/14/bios_rootkit_discovered/
http://www.symantec.com/connect/blogs/bios-threat-showing-again

4 thoughts on “Trojan.Mebromi is able to infect the BIOS”

    • From my understanding, putting a password on the BIOS would do nothing to prevent this. That is because it runs entirely in the background, not requiring the prompt to even access the BIOS where the password would prompt.

  1. Exploits like these always amaze me. However, I imagine it to be a difficult and time-consuming process to use this exploit.
