Safer Boots: Feds Urge Malware-Resistant BIOS

http://www.informationweek.com/government/security/safer-boots-feds-urge-malware-resistant/240006190?google_editors_picks=true

Memo to manufacturers: Improve the security of the BIOS ROM chip flashware running on PCs and servers.

That's the gist of a recently released draft report from the National Institute of Standards and Technology (NIST), which offers advice on how manufacturers can better protect the BIOS flashware used on servers. NIST currently is soliciting comments on the draft report, which can be filed with the agency until Sept. 14, 2012.

Why worry about the BIOS? "Unauthorized modification of BIOS firmware by malicious software constitutes a significant threat because of the BIOS's unique and privileged position within the PC architecture. Malicious BIOS modification could be part of a sophisticated, targeted attack on an organization--either a permanent denial of service or a persistent malware presence," says the report.

Previous examples of BIOS-infecting malware are relatively rare, but include the Windows-targeting CIH or Chernobyl virus, which appeared in 1998 and could flash a BIOS and corrupt it, after erasing the data on a PC.