The following statistics were compiled in September using data collected from computers running Kaspersky Lab products:

213,602,142 network attacks were blocked.
80,774,804 web-borne infections were prevented.
263,437,090 malicious programs were detected and neutralized on user computers.
91,767,702 heuristic verdicts were registered.

The cybercriminals’ new bag of tricks

BIOS infections: the final frontier?

September saw events that could well have a major bearing on the future development of malware and antivirus technology, following the discovery by experts from several antivirus companies of a Trojan capable of infecting BIOS.

By launching from BIOS immediately after the computer is turned on, a malicious program can gain control of all the boot-up stages of the computer or operating system. Injection of malicious code at this level was previously unheard of. Back in 1998, the CIH virus was capable of reprogramming BIOS, but all it could do was corrupt BIOS making it impossible to start the computer; it couldn’t gain control of the system.

Clearly, this is something that would interest virus writers, although the process is fraught with complications. The primary challenge is a nonstandard BIOS format: the author of a malicious program must support each and every manufacturer’s BIOS and get a handle on the ROM firmware algorithms.

The rootkit detected in September is designed to infect BIOS manufactured by Award and appears to have originated in China. The Trojan’s code is clearly unfinished and contains debug information, but we have verified its functionality and it works.

The rootkit has two main functions, with the main operations found in the code that is executed from the MBR. The sole task of the code injected into BIOS is to make sure that the infected backup is in the MBR and to restore the infection if it is absent.