Rootkits Headed For BIOS
Winga
MrSouth Africa Icrontian
Insider attacks and industrial espionage could become more stealthy by hiding malicious code in the core system functions available in a motherboard's flash memory.
ACPI has its own high-level interpreted language that could be used to code a rootkit and store key attack functions in the BIOS. Basic features were tested such as elevating privileges and reading physical memory, using malicious procedures that replaced legitimate functions stored in flash memory.
“It is going to be about one month before malware comes out to take advantage of this. This is so easy to do. You have widely available tools, free compilers for the ACPI language, and high-level languages to write the code in.”
Source: SecurityFocus