Wikipedia user Quique251
The Trojan.Mebromi can leave a dual-processor PC motherboard such as this at risk.
By
updated 9/16/2011 5:44:08 PM ET 2011-09-16T21:44:08

Security researchers have found a nasty new virus that borrows in to a computer's motherboard, infects PCs as soon as they boot up, and is particularly difficult to detect and dispose of.

The security firm Symantec identified the threat as Trojan.Mebromi, a piece of rootkit malware — malicious software that hides its presence on infected systems — that worms its way onto the basic input-output system (BIOS) built into a computer's motherboard.

Once it's gotten into the BIOS via an attached corrupt file, Mebromi then loads itself onto the PC's master boot record (MBR), another component that gets executed prior to the loading of a computer's operating system.

Think of it in terms of the human body: Mebromi doesn't infect the bloodstream on the way to the heart; it gets into the heart first and then takes control from there.

And as a doctor might toil to treat such a case, anti-virus companies could face a similar struggle.

Because Mebromi stores itself inside the BIOS, anti-virus software would need to effectively remove the Trojan without damaging the motherboard it's hiding under.

Added to that problem is Mebromi's persistence: it could potentially keep executing itself every time a user turns on his computer.

"Even if an anti-virus detects and cleans the MBR infection, it will be restored at the next system startup when the malicious BIOS payload would overwrite the MBR code again," Marco Giuliani from the security company Webroot wrote.

To lower your risk of falling prey to this or any other computer viruses, make sure your computers and all other Internet-connected devices are equipped with anti-virus software.

© 2012 SecurityNewsDaily. All rights reserved

Discuss:

Discussion comments

,

Most active discussions

  1. votes comments
  2. votes comments
  3. votes comments
  4. votes comments