
VirusTotal bashes bad BIOSes with forensic firmware fossicker

AV outfit finds new ways to banish low level malware to the .bin

VirusTotal can now analyse firmware images for known malware, prying inside BIOS and UEFI code for hidden executables.

The service lets users look for low-level infections in the firmware of embedded devices and PC BIOSes, the kind of persistence that points to sophisticated malware and to well-resourced or dedicated attackers.

Security engineer Francisco Santos says it could help build a database of firmware to benefit the research community.

"BIOS malware is no longer something exclusive to the NSA - Lenovo's Service Engine or Hacking Team's UEFI rootkit are examples of why the security industry should put some focus on this strain of badness," Santos says.

"Since the BIOS boots a computer and helps load the operating system, by infecting it attackers can deploy malware that survives reboots, system wiping and reinstallations, and since antiviruses are not scanning this layer, the compromise can fly under the radar."

Portable executables (PE files) can be extracted from the images and examined in VirusTotal. UEFI modules are themselves PE/COFF files, so the interesting finds are executables built for Windows rather than for the firmware environment: a Windows program has no legitimate reason to live in a flash image, which makes it the most likely to be malicious.
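The carving step described above, as an added example that is not VirusTotal's code: it walks a firmware blob for "MZ" headers, validates the PE/COFF structure behind each one, works out the file's length from its section table, and reads the optional header's Subsystem field to separate UEFI modules (subsystems 10 to 13) from Windows executables (subsystems 1 to 3). The firmware image, the two embedded PE files and the stray "MZ" bytes are constructed inline for the demonstration; the helper names (`parse_pe_at`, `carve_pe_files`, `suspicious_executables`, `build_pe`) are this example's own.

```python
import struct

# PE subsystem values from the PE/COFF specification. UEFI drivers and applications
# are PE/COFF files too, so the Subsystem field is what separates a legitimate
# firmware module from a Windows program that has no business living in a flash image.
WINDOWS_SUBSYSTEMS = {1: "native", 2: "windows_gui", 3: "windows_cui"}
EFI_SUBSYSTEMS = {10: "efi_application", 11: "efi_boot_service_driver",
                  12: "efi_runtime_driver", 13: "efi_rom"}


def classify(subsystem):
    """Map a Subsystem value to a verdict string."""
    if subsystem in EFI_SUBSYSTEMS:
        return "uefi:" + EFI_SUBSYSTEMS[subsystem]
    if subsystem in WINDOWS_SUBSYSTEMS:
        return "windows:" + WINDOWS_SUBSYSTEMS[subsystem]
    return "unknown"


def parse_pe_at(image, off):
    """Describe the PE/COFF file starting at image[off], or return None if there is none."""
    if image[off:off + 2] != b"MZ" or off + 0x40 > len(image):
        return None
    e_lfanew = struct.unpack_from("<I", image, off + 0x3C)[0]
    pe = off + e_lfanew
    if e_lfanew < 0x40 or pe + 24 > len(image) or image[pe:pe + 4] != b"PE\0\0":
        return None
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, pe + 4)
    opt = pe + 24
    if opt_size < 70 or opt + opt_size > len(image):
        return None
    magic = struct.unpack_from("<H", image, opt)[0]
    if magic not in (0x10B, 0x20B):            # PE32 / PE32+
        return None
    subsystem = struct.unpack_from("<H", image, opt + 68)[0]   # same offset in both formats
    # Carve length: end of the last section's raw data, or end of the headers if none.
    sect = opt + opt_size
    end = sect + 40 * nsections
    if end > len(image):
        return None
    for i in range(nsections):
        raw_size, raw_ptr = struct.unpack_from("<II", image, sect + 40 * i + 16)
        if raw_size:
            end = max(end, off + raw_ptr + raw_size)   # PointerToRawData is file-relative
    end = min(end, len(image))                         # tolerate a truncated tail
    return {"offset": off, "size": end - off, "machine": machine,
            "subsystem": subsystem, "verdict": classify(subsystem)}


def carve_pe_files(image):
    """Return every PE/COFF file found in the blob, in image order."""
    found, pos = [], 0
    while True:
        pos = image.find(b"MZ", pos)
        if pos < 0:
            return found
        hdr = parse_pe_at(image, pos)
        if hdr:
            found.append(hdr)
            pos += hdr["size"]   # skip the carved file so its body is not rescanned
        else:
            pos += 1


def suspicious_executables(image):
    """Offsets of embedded PE files built for Windows rather than for UEFI."""
    return [h["offset"] for h in carve_pe_files(image) if h["subsystem"] in WINDOWS_SUBSYSTEMS]


def build_pe(subsystem, body, machine=0x8664):
    """Construct a minimal but well-formed PE32+ with one section (constructed test data)."""
    e_lfanew, opt_size = 0x80, 240               # 240 = sizeof(IMAGE_OPTIONAL_HEADER64)
    hdr_len = e_lfanew + 4 + 20 + opt_size + 40  # DOS stub + "PE\0\0" + file hdr + opt hdr + 1 section
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    file_hdr = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, opt_size, 0x22)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B)        # PE32+ magic
    struct.pack_into("<H", opt, 68, subsystem)
    sect = bytearray(40)
    sect[0:5] = b".text"
    # VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
    struct.pack_into("<IIII", sect, 8, len(body), 0x1000, len(body), hdr_len)
    return bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt) + bytes(sect) + body


# Constructed sample firmware blob: erased-flash padding, a stray "MZ" that is not a
# PE header, a legitimate UEFI boot service driver, and a Windows console executable.
FIRMWARE_IMAGE = (
    b"\xff" * 64
    + b"MZ not really a header"
    + build_pe(11, b"\x90" * 32)
    + b"\x00" * 48
    + build_pe(3, b"\xcc" * 64)
    + b"\xff" * 16
)

if __name__ == "__main__":
    for h in carve_pe_files(FIRMWARE_IMAGE):
        print("PE at 0x%05x, %d bytes, machine 0x%04x, %s" % (
            h["offset"], h["size"], h["machine"], h["verdict"]))
    print("suspicious offsets:", suspicious_executables(FIRMWARE_IMAGE))
```

Real firmware images pack most modules into compressed firmware-volume sections, so a carver like this only sees what is stored uncompressed; a production tool unpacks the volumes first and then applies the same PE checks to each file it recovers.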

Those inclined to dump their BIOS and serve it up to VirusTotal can use a handful of free tools for the job.

Santos warns that private data such as Wi-Fi passwords, which firmware can keep in its NVRAM variables, should be removed from a dump before it is uploaded, since submitted files are shared with the research community.

Full capabilities of the tool include:

  • Apple Mac BIOS detection and reporting;
  • Strings-based brand heuristic detection to identify target systems;
  • Extraction of certificates and executable files from firmware images;
  • PCI class code enumeration allowing device class identification;
  • ACPI tables tags extraction;
  • NVAR variable names enumeration;
  • Option ROM extraction, entry point decompilation and PCI feature listing;
  • Extraction of BIOS portable executables and identification of potential Windows executables contained within the image, and
  • SMBIOS characteristics reporting.
