Researchers uncover BIOS malware Trojan.Mebromi in the wild


Security researchers have found and dissected new malware in the wild that attempts to infect the BIOS, or basic input/output system, an unusual capability which makes the malware extraordinarily difficult to remove.

Touted as the first such malware in at least four years, Trojan.Mebromi adds malicious components into the BIOS in order to take over the system upon booting up. The corrupted BIOS attempts to modify a computer's master boot record, which is the component that gets loaded just before the operating system.

Loading the malware before the operating system gives it a higher chance of staying undetected, while the modifications to the BIOS ensure that simply repairing the MBR is inadequate. A kernel-mode rootkit rounds off the malware's bag of tricks to stay out of the reach of antivirus defenses.
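The chain described above (BIOS code rewrites the MBR, the MBR runs before the OS) means that a defender who only cleans the MBR will see it come back. One practical check is to parse the first sector and compare its boot code and partition table against a baseline captured from a known-clean machine, so that a re-infection after cleanup is noticed. The following is an added illustration, not code from this article or from Symantec or Webroot; the sector layout it parses (446 bytes of boot code, four 16-byte partition entries, the 0x55AA signature) is the standard MBR format, while the sample sectors and the `baseline` dictionary shape are constructed for the example and no real disk is read. It detects MBR changes only; a BIOS-resident component, which is what makes this family hard to remove, is outside what a disk-sector check can see.

```python
"""Audit a 512-byte MBR sector against a known-good baseline.

Added illustration, not code from the article or the vendors it cites.
Sample sectors are constructed in memory; no real disk is read.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446          # bytes 0..445 hold the boot loader code
PART_TABLE_OFF = 446         # four 16-byte partition entries follow
SIGNATURE_OFF = 510          # 0x55 0xAA terminates a valid MBR
MBR_SIGNATURE = 0xAA55       # value of those two bytes read little-endian


def build_sample_mbr(boot_code: bytes, partitions: list) -> bytes:
    """Construct a sector for testing: boot_code is padded to 446 bytes,
    partitions is a list of (status, type, lba_start, sector_count)."""
    if len(boot_code) > BOOT_CODE_LEN or len(partitions) > 4:
        raise ValueError("boot code too long or too many partitions")
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    for i, (status, ptype, lba_start, count) in enumerate(partitions):
        # CHS fields are left zero; modern tooling relies on the LBA fields.
        struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFF + 16 * i,
                         status, ptype, lba_start, count)
    struct.pack_into("<H", sector, SIGNATURE_OFF, MBR_SIGNATURE)
    return bytes(sector)


def parse_mbr(sector: bytes) -> dict:
    """Split a sector into boot code, partition table and signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    signature = struct.unpack_from("<H", sector, SIGNATURE_OFF)[0]
    partitions = []
    for i in range(4):
        status, ptype, lba_start, count = struct.unpack_from(
            "<B3xB3xII", sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:        # empty entry
            continue
        partitions.append({"index": i, "bootable": status == 0x80,
                           "type": ptype, "lba_start": lba_start,
                           "sectors": count})
    return {"boot_code": sector[:BOOT_CODE_LEN],
            "partitions": partitions,
            "signature_ok": signature == MBR_SIGNATURE}


def boot_code_hash(sector: bytes) -> str:
    """SHA-256 of the boot loader bytes only (partition table excluded)."""
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()


def audit_mbr(sector: bytes, baseline: dict) -> list:
    """Compare a sector against a baseline captured from a known-clean system.
    baseline = {"boot_code_sha256": str,
                "partitions": [(type, lba_start, sectors), ...]}  (assumed shape)
    Returns human-readable findings; an empty list means no deviation."""
    findings = []
    info = parse_mbr(sector)
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if boot_code_hash(sector) != baseline["boot_code_sha256"]:
        findings.append("boot code hash mismatch: MBR boot loader was modified")
    seen = [(p["type"], p["lba_start"], p["sectors"]) for p in info["partitions"]]
    if seen != list(baseline["partitions"]):
        findings.append(f"partition table changed: {seen}")
    return findings


# --- constructed samples (not captured from any real system) ---------------
CLEAN_BOOT_CODE = b"\xEB\xFE" + b"\x90" * 60      # stand-in for a boot loader
CLEAN_MBR = build_sample_mbr(CLEAN_BOOT_CODE, [(0x80, 0x07, 2048, 1_000_000)])
BASELINE = {"boot_code_sha256": boot_code_hash(CLEAN_MBR),
            "partitions": [(0x07, 2048, 1_000_000)]}

# Same partition table, but the boot loader bytes differ from the baseline
# (arbitrary filler standing in for an unauthorised rewrite).
TAMPERED_MBR = build_sample_mbr(b"\xEB\xFE" + b"\x00" * 60,
                                [(0x80, 0x07, 2048, 1_000_000)])

if __name__ == "__main__":
    print("clean:", audit_mbr(CLEAN_MBR, BASELINE))
    print("tampered:", audit_mbr(TAMPERED_MBR, BASELINE))
```

Run periodically against the real first sector (read with administrative rights, 512 bytes from offset 0) and store the baseline somewhere the machine under test cannot rewrite; a boot code hash mismatch that reappears after the MBR has been restored is exactly the symptom the article describes for a firmware-resident component.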

At the moment, Mebromi infects only the Award BIOS, which is manufactured by Phoenix Technologies; on systems with any other BIOS the malware infects only the MBR.

The challenge resides in cleaning up an infected system whose BIOS firmware has been corrupted. In a blog post published earlier in the week, Webroot researcher Marco Giuliani wrote: "Developing an antivirus utility able to clean the BIOS code is a challenge, because it needs to be totally error-proof, to avoid rendering the system unbootable at all."

Giuliani suggested that the job of repairing BIOS infections should be left to the developers of the specific motherboard model.

For more:
- check out this blog post from Symantec
- check out this blog post from Webroot
- check out this article at The Register
- check out this article at SC Magazine
