BIOS Virus or FAT Partition

During the course of the trial, the defense expert was talking about Trojans that were so deeply embedded in the machine that after a re-installation of the operating system, with Adaware and Norton Antivirus and then everything updated, they would remain active. In other words, whatever was on the machine would reactivate and conduct business as usual despite the properly re-installed and updated protection.

The Government Expert defeated the presentation by the Defense Expert with one word, “Preposterous”, and the explanation that things don’t work that way in the real world.

Tiger’s Tail #2 is on a quest to prove her wrong and to get a good idea of how a military-strength computer infection works and what the pieces are called (if they have been named).

Step 1. I did a 7-pass drive wipe with Iolo Technologies Drive Scrubber and then overwrote the complete scrubbing with all zeros. I felt that a well-scrubbed drive was necessary as a first step because (continued)

    Things do work that way in the real world. A BIOS virus is at a completely different level of the machine. Virus checkers, etc., do not (to my knowledge) examine the code of the BIOS, so to think that they would protect one from this is optimistic, to say the least. Furthermore, BIOS scripting would allow someone to insert malicious code and you would never know it was there. This leads one into some interesting scenarios with regard to polymorphic viruses that self-restart via the BIOS. Theoretically, the virus embedded in the OS could learn each time it was “removed” and eventually defeat the antivirus software.

