A new type of “malware” (a more general term than “virus”) has been discovered by researchers. It can infect the firmware of a computer, so that it resides in part on computer components other than the hard drive. It infects the BIOS (the mini-operating system that starts up the computer and then loads the full-fledged operating system) as well as some hardware components.
Reinstalling the operating system on a new hard drive does not eradicate it. It hides in the BIOS and in firmware, beyond the reach of any anti-virus software, and is thereby able to re-infect the software on the hard drive. It has been dubbed “badBIOS”.
I was skeptical at first. But there is a post on the topic over at Schneier.com, and an Ars Technica article that give the report credibility. The researcher who discovered this has a Twitter discussion on the topic. It looks like this is real.
The badBIOS malware infects Macs, PCs, and Linux equally. This is a very high-tech type of malware, which must have required many person-hours of research to figure out and to implement. And the fact that it works on many different computers, with different BIOS and firmware/hardware as well as multiple versions of Windows and Linux, only underscores the massive amount of time and effort and money that went into designing this malware.
How bad is it? Once this malware infects a computer, it is almost impossible to get rid of it. And if two computers in the same room are infected, the malware on one system can communicate with the malware on the other system — by using ultrasonic sound through the computers’ speakers and microphones. Note well that the badBIOS malware does NOT infect a clean computer using sound. But once a computer is infected, it can communicate with other infected computers by sound waves. Whisky Tango Foxtrot. Can this really be true?
What does it do to your system? It does not steal banking info, or personal info, or lock up your computer so as to demand money. It does not maliciously delete lots of files. It infects a computer, resists and repairs any attempts to remove it, and communicates with other infected computers. But it does not do anything that a typical computer virus or malware would do. Very strange.
How does it spread? It spreads when an infected USB stick is connected to a computer. It does not seem to spread over the internet, as far as we now know.
The take-away from this story is that computer security is one of the most difficult types of OPSEC (operational security), especially for ordinary computer users who are not experts. Back up your data on an external hard drive and perhaps in encrypted form online. Don’t rely on one computer to store all your most important information. And keep your antivirus software up-to-date.