[Securelist] Malware Statistics (September 2011)
September saw events that could well have a major bearing on the future development of malware and antivirus technology, following the discovery by experts from several antivirus companies of a Trojan capable of infecting BIOS.
By launching from BIOS immediately after the computer is turned on, a malicious program can gain control of all the boot-up stages of the computer or operating system. Injection of malicious code at this level was previously unheard of. Back in 1998, the CIH virus was capable of reprogramming BIOS, but all it could do was corrupt BIOS, making it impossible to start the computer; it couldn’t gain control of the system.
Clearly, this is something that would interest virus writers, although the process is fraught with complications. The primary challenge is a nonstandard BIOS format: the author of a malicious program must support each and every manufacturer’s BIOS and get a handle on the ROM firmware algorithms. The rootkit detected in September is designed to infect BIOS manufactured by Award and appears to have originated in China. The Trojan’s code is clearly unfinished and contains debug information, but we have verified its functionality and it works.