Re: Microsoft Research: Strider GhostBuster Rootkit Detection and "...stealth software that hides in BIOS, Video card EEPROM"
From: Art (null_at_zilch.com)
Date: Tue, 20 Sep 2005 00:40:50 GMT
On Mon, 19 Sep 2005 23:58:01 GMT, "David H. Lipman"
>States the following...
>"Note: there will be some false positives. Also, this does not detect stealth software that
>hides in BIOS, Video card EEPROM, disk bad sectors, Alternate Data Streams, etc. "
>We have discussed the possibility of infecting a BIOS over and over and the consensus has
>been that it is not possible.
I thought the consensus was that no known malware infects the BIOS.
>Based upon my studying both viruses and hardware I can't see how
>it is possible.
Why? You can download BIOS updates and reflash.
>Yet the above Microsoft web site on a RootKit Detector indicates
>"...stealth software that hides in BIOS, Video card EEPROM".
Maybe they've seen POCs. There probably is BIOS reflashing
malware that simply hasn't surfaced.