"~BD~" <~BD~@nomail.afraid.org> wrote in message
news:j6sfd0$26j$1@dont-email.me...
> You've advised that this is impossible!
No I haven't. I believe I told you that there was not yet enough room in the
BIOS for a virus *infection* in the BIOS. I also am the one that pointed you to
several papers on PCI rootkits and such.
LoJack for Laptops comes closer to being a virus than does Mebromi.
I think that soon there will be a virus that infects the BIOS and have always
thought so, but it may not behave like your typical malware virus.
> Your comments requested on this item:-
>
> **
>
> Security specialists have recently discovered a virus that makes its way into
> the BIOS, making it very hard to get rid of using current commercial
> anti-virus solutions.
Those security specialists should explain to me how Mebromi qualifies
as a virus. While it is a PE file infector, I don't see any recursive
replication going on overall. Before any discussion with them, I'd have
to ascertain
whether or not they subscribe to the "all worms are viruses" idea - and
*then* ask them to explain how Mebromi even qualifies as a worm once
that idea is dispensed with.
AFAIK, it is a trojan that installs an MBR rootkit and uses the BIOS as
a guardian for that MBR rootkit (persistence). In addition, a kernel mode
rootkit that hides an additional downloader's actions. It infects two specific
system PE files as a startup method for said stealth downloader.
If it had *infected* those programs with a copy of its own replicative
function it would *then* qualify as a virus (if there was recursion). In
order for the *BIOS* to be said to have been *infected* by a *virus*
there would have to be replicative code in the BIOS itself, and the
code it writes to the disk would have to have reciprocating code
to reinfect the BIOS if the administrator had flashed it (like LoJack
claims to do) - you need that recursion to make this a virus, yet as
I understand it, only the Mebromi installation routine has the BIOS
flash capability - not the infestation itself. So, it remains a trojan
with respect to BIOS infection.
I could be wrong, but this is how I understand it to be.
[...]
Do you have any specific on-topic questions for the spyware group?
I think anything about this Mebromi is relevant to spyware, but they
may not be interested in any of my opinions on the matter of malware
type classification.
P.S. I don't mind the crosspost to a.p.s-e <waves>.

