Today's Hard|Forum Post
Today's Hard|Forum Post

Thursday September 15, 2011

The First BIOS Rootkit In The Wild

The bad news? Super-stealth BIOS rootkits have been found in the wild. The good news? They seem to be only targeting Chinese computers. smile Thanks to Nathan Jones for the link.

In the past few weeks a Chinese security company called Qihoo 360 blogged about a new BIOS rootkit hitting Chinese computers. This turned to be a very interesting discovery as it appears to be the first real malware targeting system BIOS since a well-known proof of concept called IceLord in 2007. The malware is called Mebromi and contains a bit of everything: a BIOS rootkit specifically targeting Award BIOS, a MBR rootkit, a kernel mode rootkit, a PE file infector and a Trojan downloader. At this time, Mebromi is not designed to infect 64-bit operating system and it is not able to infect the system if run with limited privileges.