"~BD~" <~BD~@nomail.afraid.org> wrote in message
news:j6u832$in8$1@dont-email.me...
> FromTheRafters wrote:
>> "~BD~"<~BD~@nomail.afraid.org> wrote in message
>> news:j6sfd0$26j$1@dont-email.me...
>>> You've advised that this is impossible!

>>
>> No I haven't. I believe I told you that there was not yet enough room in the
>> BIOS for a virus *infection* in the BIOS. I also am the one that pointed you
>> to several papers on PCI rootkits and such.

>
>
> Forgive me if I misunderstood. I have always valued your help and advice.
>
>
>> LoJack for Laptops comes closer to being a virus than does Mebromi.
>>
>> I think that soon there will be a virus that infects the BIOS and have always
>> thought so, but it may not behave like your typical malware virus.

>
>
> Such a virus could render a computer more or less useless?


It could be benign as well.

> Would a cost-effective repair be possible do you think?


Of course, what can be done in software can be undone in software. This
is less about the virus aspect and more about persistence and stealth.

Once you know it is there, removing it is a breeze.

[...]

>> AFAIK, it is a trojan that installs an MBR rootkit and uses the BIOS as
>> a guardian for that MBR rootkit (persistence). In addition, a kernel mode
>> rootkit that hides an additional downloader's actions. It infects two
>> specific system PE files as a startup method for said stealth downloader.

>
> I know you like to be 'correct' in the use of terms, FTR (and rightly so) -
> but the *effect* is what *really* matters IMO!


And that *effect* depends entirely on what it *is* rather than what
people think it is.

[...]

>> Do you have any specific on topic questions for the spyware group?

>
> Yes. How would anyone know that they had been infected in this manner if their
> anti-malware programmes didn't flag same?


They wouldn't.

But these things don't exist in a vacuum. The chances are great that such
an infection would be used to persistently hide the activities of some
associated malware. That associated malware may well be detected
from outside the stealthed environment. Usually, there will be network
activity associated with the malware for instance.

[...]