Webroot Discovers BIOS Rootkit
SpykeZ




Posts: 23710

PostPosted: Mon, 19th Sep 2011 00:36    Post subject: Webroot Discovers BIOS Rootkit
Quote:
According to Webroot, Mebromi targets Award BIOS and attaches itself to it so it can infect a client computer over and over again. The malware then infects the master boot record to be able to infect winlogon.exe or winnt.exe to be able to use Windows to download additional malware. There is no easy way to get rid of Mebromi at this time as traditional anti-virus software won't reach down to the BIOS level.


Source

Wow.....mighty fancy if you ask me lol

Update:
In depth look




Last edited by SpykeZ on Mon, 19th Sep 2011 06:13; edited 1 time in total
Mussolinka
Banned



Posts: 2782

PostPosted: Mon, 19th Sep 2011 00:39    Post subject:
Expect this to be patched soon as only Award seems to be vulnerable.

Really interesting tho, imagine the rage this could cause.


sabin1981 wrote:
Fuck you troll. Fuck you and your entire aids-infested family. Get cancer and die. Slowly.
SpykeZ




Posts: 23710

PostPosted: Mon, 19th Sep 2011 00:40    Post subject:
Someone brought up a good point on OCN lol, imagine the rage this would cause, who the hell would EVER think their bios was infected?


human_steel




Posts: 33269

PostPosted: Mon, 19th Sep 2011 01:17    Post subject:
AMI BIOS here. Smug
WhiteBarbarian




Posts: 6008
Location: Russia
PostPosted: Mon, 19th Sep 2011 04:07    Post subject:
MacBook Pro here. Smug Smug Smug


SpykeZ




Posts: 23710

PostPosted: Mon, 19th Sep 2011 06:15    Post subject:
Sin317
Banned



Posts: 24322
Location: Geneva
PostPosted: Mon, 19th Sep 2011 08:27    Post subject:
WhiteBarbarian wrote:
MacBook Pro here. Smug Smug Smug


I'd rather have a rootkit destroying my bios ...
Werelds
Special Little Man



Posts: 15098
Location: 0100111001001100
PostPosted: Mon, 19th Sep 2011 09:48    Post subject:
WhiteBarbarian wrote:
MacBook Pro here. Smug Smug Smug

Your point being? There have been EFI backdoors for quite some time, just like this isn't the first BIOS backdoor.
human_steel




Posts: 33269

PostPosted: Mon, 19th Sep 2011 12:18    Post subject:
WhiteBarbarian wrote:
MacBook Pro here. Smug Smug Smug

Get out of here. Smug
doobzilla




Posts: 1099
Location: Team America's Mount Rushmore Base. Stolen from Indians.
PostPosted: Mon, 19th Sep 2011 15:04    Post subject:
WhiteBarbarian wrote:
MacBook Pro here. Smug Smug Smug


Hmm...I didn't realize that MacBook owners were intelligent enough to use the internet without the geniuses explaining it to them. Smug Smug Smug



Hobo Zombie: TRAAAAAAAIIIINNNNNNSSSSSS
Woman Zombie: COMPLAAAAAAAIIIIIIINNNNNSSSSS
Englishmen Zombie: REFRAAAAAAAAAIIIIIINNNNNSSSSS
Thanks for the idea Lutz!
timechange01
VIP Member



Posts: 6650

PostPosted: Mon, 19th Sep 2011 23:29    Post subject:
human_steel wrote:
WhiteBarbarian wrote:
MacBook Pro here. Smug Smug Smug

Get out of here. Smug


Laughing



ASUS Maximus XII Formula | Core i9 10900k @ 5.2Ghz | 32GB G.Skill DDR4 4200Mhz | EVGA RTX 3080 Ti FTW3 Ultra Hydro Copper | ASUS ROG PG35VQ
SpykeZ




Posts: 23710

PostPosted: Tue, 20th Sep 2011 01:01    Post subject:
*sigh* Are you guys really this retarded that you derail a thread whining about macs?


nerrd




Posts: 3607
Location: Poland / USA
PostPosted: Tue, 20th Sep 2011 01:20    Post subject:
SpykeZ wrote:
*sigh* Are you guys really this retarded that you derail a thread whining about macs?


The nfohump is getting more and more retarded. It's almost impossible to get/share any useful information around here. Someone should really clean this place up.
garus
VIP Member



Posts: 34200

PostPosted: Tue, 20th Sep 2011 01:24    Post subject:
snip


Last edited by garus on Tue, 27th Aug 2024 21:46; edited 1 time in total
nerrd




Posts: 3607
Location: Poland / USA
PostPosted: Tue, 20th Sep 2011 01:31    Post subject:
garus wrote:
No one keeps you here. You are free to go.


Another useless, derogatory remark by you. You are a true VIP material.
See, unlike you, I would like to see this forum flourish, instead of failing.

doobzilla




Posts: 1099
Location: Team America's Mount Rushmore Base. Stolen from Indians.
PostPosted: Tue, 20th Sep 2011 04:27    Post subject:
nerrd wrote:

Another useless, derogatory remark by you. You are a true VIP material.
See, unlike you, I would like to see this forum flourish, instead of failing.



Why is it that some people get so butt-hurt when a thread goes OT for a few posts? It's a forum, not the fucking Spanish Inquisition. Since there is more than one type of public forum, and I have neither the time nor the proper mental faculties to explain the definitions of said forums, I'll not berate you further.

And, for the record:




Cool Face


doobzilla




Posts: 1099
Location: Team America's Mount Rushmore Base. Stolen from Indians.
PostPosted: Tue, 20th Sep 2011 04:36    Post subject:
Annnnnndddd... Back on-topic:

Would just flashing a new bios fix this, I wonder? I would assume that there is a 50/50 chance that it would, but only if the new bios actually erases all the blocks first.


SpykeZ




Posts: 23710

PostPosted: Tue, 20th Sep 2011 06:01    Post subject:
doobzilla wrote:
Annnnnndddd... Back on-topic:

Would just flashing a new bios fix this, I wonder? I would assume that there is a 50/50 chance that it would, but only if the new bios actually erases all the blocks first.


From what technicians were saying over on OCN you would have to reflash your bios to get rid of it. Essentially doing the same thing when reformatting your HD, except it's the bios....except it's a lot more "dangerous" and prone to fucking shit up.


dingo_d
VIP Member



Posts: 14555

PostPosted: Tue, 20th Sep 2011 09:02    Post subject:
SpykeZ wrote:
doobzilla wrote:
Annnnnndddd... Back on-topic:

Would just flashing a new bios fix this, I wonder? I would assume that there is a 50/50 chance that it would, but only if the new bios actually erases all the blocks first.


From what technicians were saying over on OCN you would have to reflash your bios to get rid of it. Essentially doing the same thing when reformatting your HD, except it's the bios....except it's a lot more "dangerous" and prone to fucking shit up.


If you are completely ignorant then you can fuck things up, but if you follow the simple rules (put the new bios version on your USB, plug it in, restart and press whatever default F button for quick flash), you really cannot fuck anything up.

It's not like you have to somehow manually rewrite the bios in assembly code Laughing


"Quantum mechanics is actually, contrary to its reputation, unbelievably simple, once you take the physics out."
Scott Aaronson
chiv wrote:
thats true you know. newton didnt discover gravity. the apple told him about it, and then he killed it. the core was never found.

Lutzifer
Modzilla



Posts: 12740
Location: ____________________ **** vegan zombie **** GRRAAIIINNSS _______
PostPosted: Tue, 20th Sep 2011 20:27    Post subject:
been flashing bios for forever. Nothing bad ever happened. I always felt like something bad was gonna happen while i did it anyways. I blame all the warning messages grinhurt
human_steel




Posts: 33269

PostPosted: Tue, 20th Sep 2011 20:31    Post subject:
Lutzifer wrote:
I always felt like something bad was gonna happen while i did it anyways.

When I flash BIOS, I'm always very nervous for the power not to go off at that particular moment. Very Happy
doobzilla




Posts: 1099
Location: Team America's Mount Rushmore Base. Stolen from Indians.
PostPosted: Wed, 21st Sep 2011 03:54    Post subject:
dingo_d wrote:
If you are completely ignorant then you can fuck things up, but if you follow the simple rules (put the new bios version on your USB, plug it in, restart and press whatever default F button for quick flash), you really cannot fuck anything up.

It's not like you have to somehow manually rewrite the bios in assembly code Laughing


Hell, I still flash with my 3.5" floppy

timechange01
VIP Member



Posts: 6650

PostPosted: Wed, 21st Sep 2011 03:59    Post subject:
dingo_d wrote:
SpykeZ wrote:
doobzilla wrote:
Annnnnndddd... Back on-topic:

Would just flashing a new bios fix this, I wonder? I would assume that there is a 50/50 chance that it would, but only if the new bios actually erases all the blocks first.


From what technicians were saying over on OCN you would have to reflash your bios to get rid of it. Essentially doing the same thing when reformatting your HD, except it's the bios....except it's a lot more "dangerous" and prone to fucking shit up.


If you are completely ignorant then you can fuck things up, but if you follow the simple rules (put the new bios version on your USB, plug it in, restart and press whatever default F button for quick flash), you really cannot fuck anything up.

It's not like you have to somehow manually rewrite the bios in assembly code Laughing


It's not the same method for all mobos



b0se
Banned



Posts: 5901
Location: Rapture
PostPosted: Wed, 21st Sep 2011 06:20    Post subject:
human_steel wrote:
AMI BIOS here. Smug


UEFI BIOS HERE
dingo_d
VIP Member



Posts: 14555

PostPosted: Wed, 21st Sep 2011 08:47    Post subject:
timechange01 wrote:
dingo_d wrote:
SpykeZ wrote:


From what technicians were saying over on OCN you would have to reflash your bios to get rid of it. Essentially doing the same thing when reformatting your HD, except it's the bios....except it's a lot more "dangerous" and prone to fucking shit up.


If you are completely ignorant then you can fuck things up, but if you follow the simple rules (put the new bios version on your USB, plug it in, restart and press whatever default F button for quick flash), you really cannot fuck anything up.

It's not like you have to somehow manually rewrite the bios in assembly code Laughing


It's not the same method for all mobos


Oh c'mon, find a new mobo that hasn't got quick flash utility or sth like that. Hell these days new mobos have buttons you can press so you can clear CMOS!

In the old days you had to pull the jumper out and then insert it back in, hell some required that you remove the battery! Laughing


human_steel




Posts: 33269

PostPosted: Wed, 21st Sep 2011 11:47    Post subject:
b0se wrote:
human_steel wrote:
AMI BIOS here. Smug


UEFI BIOS HERE


Laughing Laughing Laughing Laughing

There's a big chance that your UEFI is built and specified by AMI as well.
tonizito
VIP Member



Posts: 51319
Location: Portugal, the shithole of Europe.
PostPosted: Mon, 29th Jul 2024 00:14    Post subject:
I R TEH LAZY
Closest on-topic I could find:
https://arstechnica.com/security/2024/07/secure-boot-is-completely-compromised-on-200-models-from-5-big-device-makers/

Quote:
Secure Boot is completely broken on 200+ models from 5 big device makers
Keys were labeled "DO NOT TRUST." Nearly 500 device models use them anyway.


Awesome


boundle (thoughts on cracking AITD) wrote:
i guess thouth if without a legit key the installation was rolling back we are all fucking then
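
An added example (not from the linked article or any poster in this thread): one way to check a Linux machine's Secure Boot Platform Key variable for the "DO NOT TRUST" label quoted in the headline above. It assumes the label is stored as plain ASCII inside the certificate; the function names and the sample blobs are constructed for illustration.

```python
import struct
import uuid

# EFI_CERT_X509_GUID from the UEFI specification: each entry is a DER X.509 cert.
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
MARKER = b"DO NOT TRUST"  # label quoted in the headline above


def iter_x509_entries(data):
    """Yield (owner GUID, certificate bytes) from concatenated EFI_SIGNATURE_LISTs."""
    off = 0
    while off < len(data):
        if off + 28 > len(data):
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=data[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        end = off + list_size
        if list_size < 28 + hdr_size or end > len(data) or sig_size < 16:
            raise ValueError("malformed EFI_SIGNATURE_LIST at offset %d" % off)
        pos = off + 28 + hdr_size
        while pos + sig_size <= end:
            if sig_type == EFI_CERT_X509_GUID:
                owner = uuid.UUID(bytes_le=data[pos:pos + 16])
                yield str(owner), data[pos + 16:pos + sig_size]
            pos += sig_size
        off = end


def flagged_owners(efivar_blob):
    """Return owner GUIDs of PK certificates that carry the test-key label.

    efivar_blob is the raw content of a Linux efivarfs file such as
    /sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c,
    which begins with a 4-byte attributes field before the variable data.
    """
    return [o for o, cert in iter_x509_entries(efivar_blob[4:]) if MARKER in cert]


def make_blob(owner, cert):
    """Build a constructed efivarfs-style blob holding one X.509 entry (test data)."""
    entry = uuid.UUID(owner).bytes_le + cert
    header = EFI_CERT_X509_GUID.bytes_le + struct.pack("<III", 28 + len(entry), 0, len(entry))
    return struct.pack("<I", 0x27) + header + entry


# Constructed samples: placeholder bytes standing in for DER certificates.
OWNER = "11111111-2222-3333-4444-555555555555"
BAD_PK = make_blob(OWNER, b"\x30\x82 CN=DO NOT TRUST - constructed test key")
GOOD_PK = make_blob(OWNER, b"\x30\x82 CN=Constructed Vendor Platform Key")
```

On a real system, pass the bytes read from the PK efivarfs file to `flagged_owners`; a non-empty result means the platform key carries the test label.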
All times are GMT + 1 Hour