Article: Potential for Destructive PC Microcode or BIOS Virus

Community

Email Notifications

Personal Links

Harry Waldron - IT Security

Security Developments, Software Updates and Best Practices

The attached article discusses the potential for microcode based viruses that could potentially flash the BIOS and make the PC completely unusable. This type of attack occurred on a limited basis in 1998 with the CIH virus and here's hoping this type of highly destructive attack won't be forthcoming.

Article: Potential for Destructive PC Microcode or BIOS Virus

Awaiting the PC Killers

AUGUST 22, 2005 (COMPUTERWORLD) - The malicious code enters your network undetected, rapidly infecting more than 100 machines. But this is no ordinary virus. Your antivirus and disk recovery tools can't help, because the disk drives won't spin up at all. The drives are toast. The PCs are completely inoperable. The era of microcode attacks has begun.

Could viruses really attack the low-level microcode that makes disk drives run? It's entirely possible, disk technology experts say. Dimitri Postrigan knows how such a virus might be created -- but he's not telling. Postrigan reverse-engineers and programs hard disk drives at ActionFront Data Recovery Labs.

He says each disk drive has its own internal operating system that enables the device to start up. The operating system microcode resides in a special system area of the disk. "A virus could be written which would destroy the whole system area on a drive. This will make the drive and data almost unrecoverable," Postrigan says.

Posted: Aug 27 2005, 09:34 PM by Harry Waldron | with 3 comment(s)

Comments

TrackBack said:

# August 27, 2005 6:37 PM

Anonymous said:

If they knew exactly how the hard drive worked. If they had microcode for every hard drive or processor. If they had a way to get into kernel mode to infect the microcode. If they had sufficient privilages. If they managed to get the code executed. If the attempt was not detected. If the firmware has microcode (most does).

I doubt it would ever happen outside a lab.

# July 12, 2008 6:30 AM

Anonymous said:

Oh, and note that the processor would have to be reinfected on startup, or a simple reboot would restore the system.

# July 12, 2008 6:37 AM

Questions? Contact Susan at Susan-at-msmvps.com. Each post's copyright held by the original author. All rights reserved. Blog site is an independent site not sponsored by Microsoft.
Our servers would like to thank www.ownwebnow.com and www.exchangedefender.com. We wouldn't be here without the generosity of Vlad Mazek and his companies.

Powered by Community Server (Commercial Edition), by Telligent Systems

Theme based on the Paperclip Blog Theme included in Community Server.
Enhanced to a Site-Wide Theme by Interscape Technologies.

Recent Posts

Community

Email Notifications

Personal Links

Archives

Harry Waldron - IT Security