Re: Any solution for a virus in the BIOS?

[Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>]

On 2007-12-03 Michael R. Martinez wrote:
> On Mon, 3 Dec 2007 19:40:00 Ansgar -59cobalt- Wiechers wrote:
> > On 2007-12-02 admin () lh com wrote:
> > > Get a av that has boot sector protection. Once you've run a scan
> > > with that, it will clear things out.
> >
> > Please explain how boot sector protection is supposed to help against
> > malware living in the BIOS. You do realize that it's the BIOS that
> > executes the boot code, don't you?
> >
> > Assuming the BIOS actually is infected (which isn't too clear after
> > the OP's rather vague description) the appropriate way would be to
> > replace the BIOS chip or flash a clean BIOS onto it using a dedicated
> > device (*not* a PC that is booted with the potentially infected
> > BIOS). Also examine the supposedly infected harddisk from a clean
> > system, either by booting some live-CD after cleaning the BIOS or by
> > attaching the disk to another system (as secondary/external disk).
>
> Boot into a disk that scans for virus at boot!
> Hiren
> EBCD
> Etc...

And then what? In case you didn't notice: the BIOS starts the OS on that
disk too, meaning that malware in said BIOS can also manipulate that OS
and thus any software it may run, meaning that despite booting from a
clean media you still have a (potentially) compromised system.

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq