In 2009, a study was conducted on boot-sector-based rootkits. Work in this area led to the development and release of what is known as a "bootkit". Despite comments and suggestions that this bootkit code could be moved into the BIOS for execution, no examples of such code have yet been made public. The authors of the work on Persistent BIOS Infection found that VMware includes a ROM BIOS and a GDB server, which can be used to debug applications, starting from the BIOS. After the VMware BIOS modification succeeded, work was done to port it to other similar BIOSes.
In the course of this project, the author conducted tests on a physical PC. The process used was:
- Insert a new call to our additional code at the beginning of the decompression module.
- Copy all of our extra code into a new section of memory.
- Update the decompression module call to point to the new location in memory where our code is.
- Return to the decompression module and continue execution.
This project showed that the BIOS rootkit was portable enough to work on multiple systems (VMware, an HP laptop).