"~BD~" <~BD~@nomail.afraid.org> wrote in message
news:j4s9f0$83h$1@dont-email.me...
> Researchers have discovered one of the first pieces of malware ever used in
> the wild that modifies the software on the motherboard of infected computers
> to ensure the infection can't be easily eradicated.
>
> Known as Trojan.Mebromi, the rootkit reflashes the BIOS of computers it
> attacks to add malicious instructions that are executed early in a computer's
> boot-up sequence. The instructions, in turn, alter a computer's MBR, or master
> boot record, another system component that gets executed prior to the loading
> of the operating system of an infected machine. By corrupting the processes
> that run immediately after a PC starts, the malware stands a better chance of
> surviving attempts by antivirus programs to remove it.
>
> http://www.theregister.co.uk/2011/09...it_discovered/
>
> --
> Dave - exactly what *I've* suspected for years! ;-)


For years, you've been wrong. D

Now that it is ITW, so they say, the naysayers will be silenced. But
you might want to consider that BIOS thing to be more like a
payload that *might* sink the roots deeper than was otherwise
possible. It is likely to owe more of its wilding ability to its being
a user-mode, kernel-mode, *and* an MBR-mode rootkit - plus a
virus - than to its being a BIOS modder. Just wait until some
wormable exploit is written to spread it or it gets adopted by evil
botnets.

TPM anyone?