This can be one heck of a serious problem if the reporting is accurate.
The author/researcher, Jonathan Brossard, appears to have created a strain of malware that’s nearly impossible to disinfect.
At the Black Hat security conference in Las Vegas Thursday, Brossard plans to present a paper on “Rakshasa,” a piece of proof-of-concept malware that aims to be a “permanent backdoor” in a PC, one that’s very difficult to detect, and even harder to remove.
This code seems to use a PC's own hardware as a persistent repository for re-infection.
.... Rakshasa infects the computer’s BIOS, the part of a computer’s memory that boots its operating system and initializes other system components. But it also takes advantage of a potentially vulnerable aspect of traditional computer architecture: Any peripheral like a network card, CD-ROM, or sound card can write to the computer’s RAM or to the small portions of memory allocated to any of the other peripherals. So Brossard has given Rakshasa the ability to infect all of them. And if the BIOS or network card is disinfected, for instance, it can be reinfected from any one of the other compromised components...
In a review by Forbes - ever the mouthpiece for corporate might, they asked Intel about this theoretical malware:
A spokesperson for Intel, the company as close as any to being responsible for the architecture of modern PC hardware, says it’s reviewed Brossard’s paper, and dismisses it as “largely theoretical,” writing that “there is no new vulnerability that would allow the landing of the bootkit on the system.” The company’s statement argues that it wouldn’t be possible to infect the most recent Intel-based machines that require any changes to BIOS to be signed with a cryptographic code. And it points out that Brossard’s paper “assumes the attacker has either physical access to the system with a flash programmer or administrative rights to the system to deliver the malware. In other words, the system is already compromised with root/administrative level access. If this level of access was previously obtained, a malicious attacker would already have complete control over the system even before the delivery of this bootkit.”
Sounds like the famous "last words" of yet another over-confident industry proclaiming the glorious invulnerability of their "new and improved" technology.
Here is the text of the research paper for your consideration.
edit on 27-7-2012 by Maxmars because: (no reason given)