New rootkit in the BIOS has been designed to suit the previously detected malware Mebromi, which was aimed at users of Award BIOS.
Representatives of McAfee Rootkit discovered, which affects the BIOS. The rootkit was named Niwa! Mem and initially infected MBR (Master Boot Record, MBR).
“A malicious program overwrites the MBR in sector 0, and then writes the file« the downloader », which is loaded in the hidden sectors. DLL copies itself to the Trash folder, and deleted. «The downloader» runs every time you start the system “- say the researchers.
“All imported components will be present in a DLL, including the utility from the manufacturer cbrom.exe BIOS, which is a malicious program uses flash BIOS», – the report says McAfee.
Experts note that the new rootkit in the BIOS has been designed to suit the previously detected malware Mebromi, which was aimed at users Award BIOS, present in the motherboard of Phoenix Technologies.
“We have already recorded two malicious programs designed to BIOS … When the first of them was found, we did not know how long it will be a second. Now, we should expect to clash with new (ed. – rootkits) in the near future “- said the researchers, noting that a security and cleaning of the BIOS-rootkit will be difficult for software companies.
Experts note that the anti-virus solution should be designed without the slightest error in order to avoid cases where the system will not boot at all. The development of specific anti-virus solutions to deal with professionals who have created a specific motherboard model release updates for the BIOS, as well as special tools for code update BIOS.