Does updating the BIOS remove infection?
This gives attackers a single snippet of code that they can target in order to compromise many different BIOSes. For the first time, researchers showed that BIOS-level malware can practically infect a wide variety of hardware.
To demonstrate, the researchers injected code into the generic BIOS decompression routine of a commercial BIOS, and updated the corresponding checksums in the firmware.
In March at the CanSecWest security conference, held in Vancouver, researchers Alfredo Ortega and Anibal Sacco of Core Security Technologies Inc. demonstrated a generic BIOS attack that can inject malicious code into many different BIOS types.
BIOS updates hosted by third-party sites may be infected, and the BIOS update tools themselves may be malicious.
The result is that users cannot confirm that they have downloaded a manufacturer-approved BIOS.
Moreover, attackers can leverage standard infection vectors to execute their own BIOS-flashing utilities, without the knowledge of the user.
It's possible to calculate the cryptographic hash of a known, trusted BIOS, and compare that to the BIOS that is actually installed.
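The hash comparison described above, as an added example that is not from the original article or the researchers' work. It also shows why the firmware's own checksum is not enough once an attacker has updated it, as in the demonstration mentioned earlier. The images are constructed stand-ins, and the additive checksum, block size and function names are illustrative assumptions.

```python
import hashlib
import hmac

BLOCK = 4096  # comparison granularity in bytes (assumed value)

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def checksum8(data: bytes) -> int:
    """Illustrative additive checksum: sum of all bytes modulo 256."""
    return sum(data) % 256

def verify_image(trusted_hash: str, dumped: bytes) -> bool:
    """True only if the dump hashes to the trusted SHA-256 value."""
    return hmac.compare_digest(trusted_hash, sha256_hex(dumped))

def changed_blocks(trusted: bytes, dumped: bytes, block: int = BLOCK) -> list:
    """Offsets of blocks that differ, to show where an image was altered."""
    size = max(len(trusted), len(dumped))
    return [off for off in range(0, size, block)
            if sha256_hex(trusted[off:off + block]) != sha256_hex(dumped[off:off + block])]

def build_samples():
    """Constructed data: a 16 KiB stand-in image and an altered copy of it."""
    trusted = bytearray(b"\xff" * (4 * BLOCK))
    trusted[0:16] = b"CONSTRUCTED-BIOS"
    trusted[-1] = -sum(trusted[:-1]) % 256   # last byte makes checksum8 == 0
    dumped = bytearray(trusted)
    dumped[BLOCK + 100:BLOCK + 108] = b"MODIFIED"   # altered region
    dumped[-1] = -sum(dumped[:-1]) % 256     # internal checksum recomputed
    return bytes(trusted), bytes(dumped)

if __name__ == "__main__":
    trusted, dumped = build_samples()
    reference = sha256_hex(trusted)   # in practice: recorded from a trusted image
    print("internal checksum still valid:", checksum8(dumped) == 0)
    print("matches trusted SHA-256:     ", verify_image(reference, dumped))
    print("altered block offsets:       ", [hex(o) for o in changed_blocks(trusted, dumped)])
```

The comparison is only as trustworthy as the reference hash and the tool that reads the installed image, so both should come from a source independent of the system being checked.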
Back in 1999, the infamous Chernobyl virus, or CIH virus, decimated at least 700,000 systems worldwide.
The Chernobyl malware was designed to overwrite the hard drive and erase the flash BIOS for motherboards that use the Pentium 430TX chipset.