In a new twist on the ever-changing methods used by malware authors, a recently discovered virus has been found to infect the BIOS of the targeted computer. Symantec has named this threat Trojan.Mebroni and describes it as follows: "Trojan.Mebroni is a Trojan horse that infects the BIOS and the Master Boot Record (MBR). It also downloads an additional file onto the compromised computer."
Malware that infects the BIOS is not a new phenomenon. The CIH Virus, released in 1998, was the first widespread malware to target the BIOS. This threat was a major concern to motherboard manufacturers at the time. Many motherboards of that era were shipped with a sticker prominently displayed near the center of the board. That sticker warned that the warranty of the motherboard was void if the system builder did not run the included anti-virus program before putting the computer into service.
In recent years this type of payload has been absent from newer strains of malware. Now it is back, with a vengeance. With Trojan.Mebroni, the malware authors have built on the basic idea of infecting the BIOS and added some of the more sophisticated techniques that have been developed in the intervening years.
As with some other recent examples of malware, this Trojan also infects the Master Boot Record of the hard drive on the infected computer. With this one-two punch, Mebroni can easily avoid detection and removal by traditional anti-virus programs.
Another significant implication is that the infection will survive a popular malware removal method that some consider foolproof: reimaging the hard drive. While favored by some technicians as the easiest way to be sure all malware is gone, this procedure normally does not rewrite the MBR, and it makes no changes to the BIOS.
As a result, the procedure required to effectively remove this threat must include the additional steps of rebuilding the MBR and replacing the infected BIOS programming. The exact procedure for removing the infection from the BIOS will vary from one system to another.
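As an added example (not from the original article or from Symantec), the Python sketch below shows how a technician could check whether an MBR's bootstrap code still matches a known-good baseline after a reimage that only rewrote the partition layout. The function names, baseline and sample sectors are constructed for illustration; a real check would read sector 0 from a disk image.

```python
import hashlib
import struct

SECTOR = 512
CODE_LEN = 440   # bootstrap code; bytes 440-445 hold a per-disk signature
TABLE_OFF = 446  # four 16-byte partition entries
SIG_OFF = 510    # 0x55 0xAA boot signature

def parse_mbr(sector):
    """Split an MBR into a boot-code hash and its partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[SIG_OFF:] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = sector[TABLE_OFF + 16 * i:TABLE_OFF + 16 * (i + 1)]
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype:  # type 0 marks an unused slot
            parts.append({"bootable": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return {"code_sha256": hashlib.sha256(sector[:CODE_LEN]).hexdigest(),
            "partitions": parts}

def boot_code_matches(sector, baseline_sha256):
    """True when the bootstrap code equals the known-good baseline."""
    return parse_mbr(sector)["code_sha256"] == baseline_sha256

def make_sample_mbr(code, ptype, lba, count):
    """Build a constructed 512-byte MBR with one bootable partition."""
    entry = struct.pack("<B3xB3xII", 0x80, ptype, lba, count)
    body = code.ljust(TABLE_OFF, b"\x00") + entry + bytes(48)
    return body + b"\x55\xaa"

# Constructed sample data, not real boot code or malware bytes.
GOOD_CODE = b"\xfa\x33\xc0" + b"GOOD-LOADER"
ALTERED_CODE = b"\xfa\x33\xc0" + b"ALTERED-LOADER"
BASELINE = hashlib.sha256(GOOD_CODE.ljust(CODE_LEN, b"\x00")).hexdigest()

clean = make_sample_mbr(GOOD_CODE, 0x07, 2048, 409600)
altered = make_sample_mbr(ALTERED_CODE, 0x07, 2048, 409600)
# A reimage that only lays down a new partition keeps the old boot code.
reimaged = altered[:TABLE_OFF] + make_sample_mbr(b"", 0x07, 2048, 819200)[TABLE_OFF:]

if __name__ == "__main__":
    for name, mbr in (("clean", clean), ("altered", altered), ("reimaged", reimaged)):
        print(name, boot_code_matches(mbr, BASELINE), parse_mbr(mbr)["partitions"])
```

The reimaged sector shows a new partition size yet still fails the baseline comparison, which is why the MBR has to be rebuilt as a separate step. This check covers only the MBR; it says nothing about the BIOS.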
Once again, the malware authors have upped the ante on disinfecting compromised systems. As always, the conscientious tech must do whatever it takes to keep updated on the ever-evolving malware landscape.