Birus-es. Part one.

Epigraph.
An apocalyptic scenario. Birus-epidemic.

Someday in the near future. You type in something like "Antalya, tour for couple", choose one of the search results, click on its hyperlink, and, with an almost unnoticed pause, a page opens. And you won’t know that a minute later, while showing you travel offers, your computer will join one of the global birus-botnets. You won’t know that, by turning it back on the next morning, you will make it forever and incurably infected with this filth. And, if you care about security even by a hair's-breadth, your one and only way would be to cut it off from the internet completely. No more web surfing or online games. Your computer will be just an overcomplicated typewriter.
A few days later, almost all computers are infected, except for old workhorses like the Pentium 3 and its predecessors. The meaning of the words "working with internet" and of "internet" itself changes dramatically. The curtain drops...

What is birus?

Birus is short for BIOS-virus (according to vote results, this word was chosen as a common name for "A virus in BIOS" or "A virus for BIOS") – a kind of virus that resides in the Flash/EEPROM chip. In other words, unlike all other viruses, it "lives" in the computer's permanent memory, and you can’t get rid of it without reflashing the BIOS. In addition, it’s very difficult to detect (and sometimes absolutely impossible). In everything else (regarding harmful activity) biruses are just the same as Trojan horses et cetera.

How does a birus work?

Once it gets control, a birus puts itself into the attacked computer's BIOS (for example, by reading the current firmware and flashing it back with malicious code added) and reboots the computer (or just waits for the user to do it later). At the next boot this added code becomes absolutely invisible to any program working inside the operating system. Moreover, a birus doesn’t care about the installed OS: it can work with any of them, be it Windows, Linux, Mac OS or whatever.
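Since the added code cannot be seen from inside the operating system, a check has to work on an image of the chip itself. The following is an added example, not code from the article or from BIOS Patcher: it compares a dump of the flash chip with a known-good reference image and flags data that appears where the reference has only empty flash. It assumes the dump was read with an external programmer and the reference matches the same firmware version; the function names and sample images are constructed for illustration.

```python
ERASED = 0xFF  # erased (unused) flash cells read back as 0xFF

def diff_regions(reference: bytes, dump: bytes, block: int = 256):
    """Return (start, end, kind) for each run of differing blocks.

    kind is "added" when the reference holds only erased flash in that
    range but the dump holds data, otherwise "modified".
    """
    if len(reference) != len(dump):
        raise ValueError("size mismatch: wrong chip or wrong reference image")
    regions, run_start = [], None
    # One extra iteration past the end closes a run that reaches the last block.
    for off in range(0, len(reference) + block, block):
        differs = reference[off:off + block] != dump[off:off + block]
        if differs and run_start is None:
            run_start = off
        elif not differs and run_start is not None:
            end = min(off, len(reference))
            ref_run = reference[run_start:end]
            kind = "added" if ref_run.count(ERASED) == len(ref_run) else "modified"
            regions.append((run_start, end, kind))
            run_start = None
    return regions

def build_sample():
    """Constructed 4 KiB images: code, free space, then a settings area."""
    reference = bytearray(b"\x55" * 1024 + b"\xff" * 2048 + b"\x00" * 1024)
    dump = bytearray(reference)
    dump[1024:1536] = b"\x90" * 512  # data where the reference is empty
    dump[3584] = 0x01                # one byte changed in the settings area
    return bytes(reference), bytes(dump)

if __name__ == "__main__":
    ref, dmp = build_sample()
    for start, end, kind in diff_regions(ref, dmp):
        # "modified" ranges need manual review: stored settings legitimately
        # differ between machines. "added" ranges are the pattern described
        # in the text: code written into space the original image left empty.
        print(f"{start:#07x}-{end:#07x} {kind}")
```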

What can a birus do?

  • Infect (get control and/or execute other commands) any application in any OS.
  • Become totally invisible – it can make detection impossible.
  • Become totally incurable – it can disable BIOS reflash.
  • It can do its work at any time and absolutely seamlessly (you can’t notice it or stop it) while the computer does your everyday work.
  • It has access to any computer device, with rights greater than those of the OS itself.

Is there any way to protect my computer?

Of course, there is. But (first things first!) let’s point out which actions WON’T help:
  1. Setting a BIOS password – it sometimes helps to stop a person, but never a program.
  2. Reflashing the BIOS on the infected computer itself. Even a “clean boot” won’t be clean.
The one and only birus protection is making the flash chip write-protected. And only old computers have this jumper on board. I mean really old ones - Pentium I and II.

I don’t believe that biruses will ever exist. Can you prove it?

A working proof has been well known and widespread since 2002. You can get it from www.ROM.by. It is the famous BIOS Patcher. It works as a typical semiautomatic birus – the flashing process is carried out by the user. And, of course, it works for good purposes, doing no harm. But anyway, it is a birus. And the fact that it works even on most modern systems, which did not exist in the days it was written, is just a brilliant example of birus potential.

Parenthetic remark 1.

In 2004, just before closing BIOS Patcher development, I successfully tested one experimental feature – flashing the BIOS using its own (BIOS built-in!) resources. Having realized the meaning of that, I cancelled all further research, leaving only a sarcastic comment on the www.ROM.by forum: "Whatever a man invents – you get a new weapon."

Parenthetic remark 2.

In 2006 my experiments with SMM entered an active phase. And in less than a year I succeeded in making another birus ability real – getting full control under any OS (Windows, Linux, Mac, etc.). It was proved again: "Whatever a man invents…"

Silence is golden.

It’s not hard to guess what may come out of these technologies, so at first I decided just to jam it and never make it public, and not even give out a hint on how it works. Naturally, if I could do it, there will be others who will repeat my way and go further. And really, a year later statements like "A super-hyper-mega-ultra rootkit was found, exploiting processor hardware vulnerabilities" popped up. The next year such news became more frequent. Though the vast majority of this news was (and remains) simply a piece of computer-related gossip, bloviating about things no one understands. And many times I wanted to put in my two cents' worth... Oh, that doesn’t matter. A recent Internet scan on this matter showed that the cat has jumped out of the bag, and this matter can’t be jammed anymore. So, it’s time to move from passive contemplation to action, to pursue a preemptive tactic – to get ready for the birus era. I have to write BIOS Patcher 8.0 – the first antibirus ever.

The site is very high quality. You deserve an award for it, or simply an honorary medal. =)
