BIOS Rootkit Mebromi


Advanced Persistent Attacks: BIOS Rootkit "Mebromi"

Hamza Sirag, Nihant Bondugula, Rishabh Gupta

Graduate School of Computer Science, George Mason University, Fairfax, VA

1. Abstract

As cyberspace has evolved, malware has evolved with it. The United States Computer Emergency Readiness Team defines malware as malicious software consisting of programming (code, scripts, active content, and other software) designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, gain unauthorized access to system resources, or engage in other abusive behavior. In the early days of cyberspace, malware consisted primarily of viruses, worms, and Trojan horses. It has since grown to include spyware, adware, scareware, crimeware, rootkits, and other malicious software. Many kinds of malware have become persistent: they re-establish themselves on a system even after it has been disinfected. Mature anti-virus engines have made it possible to eradicate most forms of malware, and when removal fails the system can be formatted and the operating system reinstalled. Removal can be a complicated task even with the proper software, but the techniques have on the whole been very successful. Recently, anti-malware vendor Webroot reported that a Chinese security company had blogged about the first BIOS rootkit found in the wild, known as "Mebromi". Our research examines Mebromi and provides a detailed analysis of this newly found advanced persistent attack, and explains the implications of malware that targets the BIOS. It covers the technological vulnerabilities associated with Mebromi, the tools that take advantage of those vulnerabilities, their mitigation, the future of advanced persistent attacks and of BIOS targeting, and closes with a conclusion summarizing our research.

2. Analysis

2.1 BIOS

According to PC Guide, BIOS stands for basic input/output system. The system BIOS is the lowest-level software in the computer; it acts as an interface between the hardware (especially the chipset and processor) and the operating system. The BIOS provides access to the system hardware and makes it possible to load the higher-level operating system that must be running before applications can execute. The BIOS is also responsible for letting users control the computer's hardware settings and various other system functions. According to How Stuff Works, the BIOS is stored in a non-volatile ROM chip on the motherboard (in practice a reprogrammable flash chip, which is what makes an attack like Mebromi possible; see Section 6). The BIOS is the first code run by a computer when it is powered on ("boot firmware"). When the computer starts up, the BIOS's first job is to initialize and identify system devices such as the video card, keyboard and mouse, hard disk drive, optical disc drive, and other hardware. The BIOS then locates the boot loader software held on a peripheral device (designated as the "boot device"), such as a hard disk or a CD/DVD, and loads and executes that software, giving it control of the computer. Because it runs before the operating system and before any security software, code that executes from the BIOS is outside the reach of OS-level defenses, and that is the property Mebromi exploits.

2.2 Rootkit

According to McAfee, a rootkit is software that enables continued privileged access to a computer while actively hiding its presence from administrators by subverting standard operating system functionality or other applications. The term "rootkit" is a concatenation of "root" (the traditional name of the privileged account on Unix operating systems) and "kit" (the software components that implement the tool). The term carries negative connotations through its association with malware.

2.3 Mebromi

According to Marco Giuliani of Webroot, the Chinese security company Qihoo 360 recently blogged about a new BIOS rootkit hitting Chinese computers, nicknamed "BMW". This turned out to be a very interesting discovery, as it appears to be the first real malware targeting the system BIOS since the well-known proof of concept IceLord in 2007. The malware, called Mebromi, contains a bit of everything: a BIOS rootkit specifically targeting Award BIOS, an MBR rootkit, a kernel-mode rootkit, a PE file infector, and a Trojan downloader. At this time Mebromi is not designed to infect 64-bit operating systems, and it cannot infect a system when run with limited privileges, because its first step is to load an unsigned kernel-mode driver.

2.3.1 History of BIOS Rootkits

The first attack on the BIOS dates to 1998. The CIH/Chernobyl virus was infamous for flashing the motherboard BIOS and erasing it; with the BIOS erased, the computer was completely paralyzed and could not boot. According to Marco Giuliani, CIH exploited a privilege escalation bug in the Windows 9x operating systems that allowed it to overwrite the Interrupt Descriptor Table with its own payload from user mode; it then triggered the overwritten interrupt handler so that its malicious code executed in kernel mode. In 2007 a well-known proof-of-concept BIOS rootkit called IceLord was developed; it affected only Award BIOS systems.

2.3.2 How Mebromi Operates

According to Marco Giuliani, the Mebromi infection begins with a small encrypted dropper that carries five encrypted resource files: hook.rom, flash.dll, cbrom.exe, my.sys, and bios.sys. The dropper's first task is to load its own kernel-mode driver, which handles the BIOS infection. It uses one of two methods: either it extracts and loads the flash.dll library, which in turn loads the bios.sys driver, or it stops the beep.sys service, overwrites the beep.sys driver file with its own bios.sys code, restarts the service so that the malicious code is loaded, and then restores the original beep.sys file. The second method is worth noting for defenders: the driver that ends up in memory no longer matches the file on disk, and a transient modification of a Microsoft-signed driver file is exactly the kind of event that file-integrity monitoring should flag.

The bios.sys driver is the code that handles the BIOS infection. To read the BIOS code it maps physical memory at address 0xF0000, where the BIOS ROM is usually mapped. Once read, the driver verifies that the BIOS is an Award BIOS by checking for the string "$@AWDFLA". If the string is found, the driver tries to locate the SMI port that the rootkit will use to flash the BIOS ROM, saves a copy of the BIOS to the file C:\bios.bin, and hands the next step to the user-mode component of the infection. The dropper extracts two more files: cbrom.exe and hook.rom. Cbrom.exe is a legitimate tool developed by Phoenix Technologies for modifying Award/Phoenix BIOS ROM binaries. Hook.rom is the rootkit's ISA BIOS ROM, the module that is added to the BIOS binary and that contains the rootkit infection. The dropper runs cbrom.exe with the /isa switch, passing it the hook.rom file. Before injecting the malicious ISA ROM, the dropper checks the BIOS ROM code for the string "hook rom", which it uses as the infection marker; if the string is present the BIOS is already infected and does not need to be infected again. After bios.bin has been modified, the bios.sys driver sends command 0x29 to the BIOS SMI port to erase the BIOS flash, and then command 0x2F to write the new BIOS ROM code to the chip.

With the BIOS infected, the dropper moves to its next step: infecting the Master Boot Record. The infection is 14 sectors long, and the original MBR is stored in sector 7. To avoid startup problems, the infected MBR keeps a copy of the original MBR's partition table. Finally the dropper extracts the my.sys driver to the root of the C: drive. My.sys is a kernel-mode rootkit that hijacks disk.sys's IRP major functions by redirecting the IRP_MJ_READ, IRP_MJ_WRITE, and IRP_MJ_DEVICE_CONTROL handlers; it is used to hide the infection on the disk. Even if the BIOS infection does not succeed, the rootkit still infects the MBR.

At the next system startup, after the BIOS POST phase, the malicious code injected into the BIOS prepares the full MBR infection (all 14 sectors, 7168 bytes in total, are stored inside the malicious BIOS ROM) and checks the MBR code of the hard drive to see whether the infection is already present. It does this by checking for the string "int1" at offset 0x92. If the string is not found, the malicious BIOS ROM overwrites the first 14 sectors of the hard drive, restoring the MBR infection. The startup procedure continues and control passes to the malicious master boot record. Here the malicious payload analyzes the original MBR partition table, looks for the active partition, and checks whether it uses an NTFS or FAT32 file system. The malicious MBR code contains NTFS and FAT32 parser routines, used to walk the file system and locate winlogon.exe or wininit.exe. The malicious code also contains a file infection payload that injects malicious code into the target file and hijacks its entry point. Before infecting the file, the MBR code checks whether it is already infected by looking for the string "cnns" at offset 0x50 from the beginning of the PE file; this is the infection marker. If the string is not found, the infection stores an encrypted payload of about 600 bytes of code inside winlogon.exe or wininit.exe, hijacks the PE entry point to point at the beginning of that payload, and saves the original entry point at offset 0x60. The MBR infection's job ends here; it waits for Windows to start up and load the patched executable. When loaded, the payload decrypts its malicious code and loads the my.sys driver into memory. It then tries to download an additional infection from the (now unavailable) URL http://dh.3515.info:806/test/91/calc.

According to Marco Giuliani the infection is clearly focused on Chinese users, because the dropper carefully checks whether the system it is about to infect is protected by the Chinese security products Rising Antivirus and Jiangmin KV Antivirus. To gain access to the BIOS, the infection must first be loaded in kernel mode so that it can work with physical memory rather than virtual memory.
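The markers and offsets in the description above are exactly what a responder checks when triaging a suspected Mebromi system. The following Python script is an added illustration, not part of the original paper and not taken from any vendor tool: it inspects a raw disk image for the MBR-stage marker and the backup MBR in sector 7, inspects a PE file for the file-infector marker and the saved entry point at 0x60, and undoes both hijacks. The marker strings and offsets come from the analysis above; the sample disk and PE images, the sector-wipe policy, and all function names are assumptions constructed for this example.

```python
import struct

SECTOR, INFECTION_SECTORS, BACKUP_SECTOR = 512, 14, 7   # infection = 14 sectors, original MBR in sector 7
MBR_MARKER, MBR_MARKER_OFF = b"int1", 0x92              # marker the BIOS stage checks in the MBR
PE_MARKER, PE_MARKER_OFF, PE_OEP_OFF = b"cnns", 0x50, 0x60   # marker and saved entry point in the PE
PTABLE_OFF, PTABLE_LEN, BOOT_SIG = 0x1BE, 64, b"\x55\xAA"


def partition_starts(sector):
    """LBA start of every used slot in a classic 4-entry MBR partition table."""
    starts = []
    for i in range(4):
        entry = sector[PTABLE_OFF + 16 * i:PTABLE_OFF + 16 * (i + 1)]
        if entry[4] != 0:                                  # partition type 0 = unused slot
            starts.append(struct.unpack_from("<I", entry, 8)[0])
    return starts

def check_mbr(disk):
    """Report the MBR-stage infection state of a raw disk image (first 14 sectors)."""
    mbr, backup = disk[:SECTOR], disk[BACKUP_SECTOR * SECTOR:(BACKUP_SECTOR + 1) * SECTOR]
    return {
        "infected": mbr[MBR_MARKER_OFF:MBR_MARKER_OFF + 4] == MBR_MARKER,
        "backup_looks_like_mbr": backup[SECTOR - 2:] == BOOT_SIG,
        "ptable_matches_backup": mbr[PTABLE_OFF:PTABLE_OFF + PTABLE_LEN] == backup[PTABLE_OFF:PTABLE_OFF + PTABLE_LEN],
    }

def restore_mbr(disk):
    """Put the saved original MBR back in sector 0 and wipe sectors 1-13 of the infection.
    Refuses to wipe if any partition begins inside that range."""
    info = check_mbr(disk)
    if not (info["infected"] and info["backup_looks_like_mbr"]):
        raise ValueError("no Mebromi marker, or no usable backup MBR in sector 7")
    backup = disk[BACKUP_SECTOR * SECTOR:(BACKUP_SECTOR + 1) * SECTOR]
    if any(lba < INFECTION_SECTORS for lba in partition_starts(backup)):
        raise ValueError("a partition starts inside the first 14 sectors; not wiping")
    return backup + b"\x00" * (SECTOR * (INFECTION_SECTORS - 1)) + disk[SECTOR * INFECTION_SECTORS:]

def _entry_point_field(pe):
    """File offset of AddressOfEntryPoint: e_lfanew + Signature(4) + IMAGE_FILE_HEADER(20) + 16."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[:2] != b"MZ" or pe[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("not a PE file")
    return e_lfanew + 4 + 20 + 16

def check_pe(pe):
    """Report the file-infector marker, the current entry point and the saved original one."""
    infected = pe[PE_MARKER_OFF:PE_MARKER_OFF + 4] == PE_MARKER
    return {
        "infected": infected,
        "entry_point": struct.unpack_from("<I", pe, _entry_point_field(pe))[0],
        "saved_original_entry": struct.unpack_from("<I", pe, PE_OEP_OFF)[0] if infected else None,
    }

def restore_pe_entry(pe):
    """Undo the entry-point hijack using the value saved at 0x60. The injected payload
    bytes and the marker stay in the file; replace it from a clean copy afterwards."""
    info = check_pe(pe)
    if not info["infected"]:
        return pe
    out = bytearray(pe)
    struct.pack_into("<I", out, _entry_point_field(pe), info["saved_original_entry"])
    return bytes(out)

# Constructed sample data for this example (not real Mebromi samples).
def clean_mbr():
    code = b"\xFA\x33\xC0" + b"\x90" * (PTABLE_OFF - 3)            # stand-in boot code
    entry = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 2048, 1 << 20)  # NTFS at LBA 2048
    return code + entry + b"\x00" * 48 + BOOT_SIG

def infected_disk():
    clean = clean_mbr()
    bad = bytearray(b"\x90" * (SECTOR - 2) + BOOT_SIG)
    bad[MBR_MARKER_OFF:MBR_MARKER_OFF + 4] = MBR_MARKER
    bad[PTABLE_OFF:PTABLE_OFF + PTABLE_LEN] = clean[PTABLE_OFF:PTABLE_OFF + PTABLE_LEN]  # table kept
    sectors = [bytes(bad)] + [b"\xCC" * SECTOR] * (INFECTION_SECTORS - 1)
    sectors[BACKUP_SECTOR] = clean                                  # original MBR parked in sector 7
    return b"".join(sectors) + b"\x00" * SECTOR * 2

def clean_pe():
    hdr = bytearray(0x200)
    hdr[:2], hdr[0x80:0x84] = b"MZ", b"PE\x00\x00"
    struct.pack_into("<I", hdr, 0x3C, 0x80)                         # e_lfanew
    struct.pack_into("<H", hdr, 0x98, 0x10B)                        # PE32 optional-header magic
    struct.pack_into("<I", hdr, 0xA8, 0x1000)                       # AddressOfEntryPoint
    return bytes(hdr)

def infected_pe():
    pe = bytearray(clean_pe())
    pe[PE_MARKER_OFF:PE_MARKER_OFF + 4] = PE_MARKER
    struct.pack_into("<I", pe, PE_OEP_OFF, 0x1000)                  # original entry saved at 0x60
    struct.pack_into("<I", pe, 0xA8, 0x4000)                        # entry now points at injected stub
    return bytes(pe)
```

Two points the code makes that the description only implies. First, sector 7 of an infected disk holds a complete original MBR, so recovery does not depend on having a backup, but the script refuses to wipe sectors 1 to 13 unless every partition starts beyond them. Second, the MBR stage decides whether to re-infect a file by the marker alone, so restoring the entry point while leaving the marker is enough to stop that stage from patching the file again; none of this helps while the BIOS payload survives, because at the next boot it rewrites the 14 sectors, so the BIOS has to be reflashed first.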

Mebromi is composed of several kinds of malware. Besides a conventional rootkit it contains an MBR rootkit. According to Elizabeth Burns, citing F-Secure, an MBR rootkit is a malicious program that attacks a Windows computer's Master Boot Record, the part of the system's hard drive used during the start-up process. Mebromi also contains a kernel-mode rootkit. According to Microsoft, kernel-mode rootkits run with the highest operating system privileges (Ring 0) by adding code to or replacing portions of the core operating system, including both the kernel and associated device drivers. Most operating systems support kernel-mode device drivers, which execute with the same privileges as the operating system itself, so many kernel-mode rootkits are written as device drivers or loadable modules, such as loadable kernel modules in Linux or device drivers in Microsoft Windows. This class of rootkit has unrestricted security access but is more difficult to write. Kernel rootkits can be especially difficult to detect and remove because they operate at the same security level as the operating system itself and are thus able to intercept or subvert the most trusted operating system operations; any software running on the compromised system, antivirus software included, is equally vulnerable. Operating systems are evolving to counter the threat of kernel-mode rootkits. For example, 64-bit editions of Microsoft Windows now enforce mandatory signing of all kernel-mode drivers to make it more difficult for untrusted code to execute, which is consistent with Mebromi's being limited to 32-bit systems. Mebromi also contains a PE file infector, an infection that targets the Windows PE executable format; in Mebromi's case this is the code injected into winlogon.exe or wininit.exe. Finally, Mebromi includes a Trojan downloader. According to F-Secure, a Trojan downloader is a type of Trojan that secretly downloads malicious files from a remote server, then installs and executes them.

3. Technology Vulnerabilities

Mebromi checks on execution whether the system being infected uses an Award BIOS; if it does, Mebromi infects the BIOS and then installs an MBR rootkit that infects the Master Boot Record. One would ask why only the Award BIOS. Researchers are still trying to work out why the authors chose Award alone. One possible reason is that the 2007 proof of concept, the IceLord BIOS rootkit, targeted Award BIOS using an approach similar to Mebromi's, and many believe that Mebromi is an extension of that 2007 work. A second, practical reason is visible in the infection chain itself: cbrom.exe, the legitimate Award/Phoenix tool the dropper carries, handles inserting a module into the ROM image, so the authors only needed to write the ISA ROM rather than a BIOS image editor of their own.

The benefit of this approach for the attacker is persistence. Mebromi attaches itself to the Award BIOS so that it can re-infect the client computer over and over again. The malware then infects the master boot record in order to infect winlogon.exe or wininit.exe, which in turn uses Windows to download additional malware. There is no easy way to get rid of Mebromi at this time, as traditional anti-virus software does not reach down to the BIOS level. In other words, where ordinary viruses infect the bloodstream of a human body, Mebromi infects the heart itself and then takes control of the entire body.

4. Tools that Take Advantage of Vulnerabilities

Currently there is no specific "tool" that takes advantage of the vulnerabilities described above other than Mebromi itself. According to Webroot, "storing the malicious code inside the BIOS ROM could actually become more than just a problem for security software, given the fact that even if an antivirus detects and cleans the MBR infection, it will be restored at the next system startup when the malicious BIOS payload would overwrite the MBR code again."

Infecting the BIOS gives the malware control over every stage of the computer's boot process: malicious code can be injected into the operating system during boot directly from the BIOS. Kaspersky Lab security expert Alexander Gostev explains that BIOS infection has remained largely a proof of concept because BIOS images differ from PC to PC, so a virus author would have to obtain BIOS firmware details from each PC manufacturer in order to conduct attacks at scale. In Gostev's words: "The rootkit detected in September is designed to infect BIOS manufactured by Award and appears to have originated in China. The Trojan's code is clearly unfinished and contains debug information, but we have verified its functionality and it works."

5. Benefit of Taking Advantage of these Vulnerabilities

This type of attack does not use any particular vulnerability; rather, it has a set of preconditions that must hold for the attack to succeed. Security researchers Anibal Sacco and Alfredo Ortega of Core Security, who demonstrated persistent BIOS infection in 2009, made the same point about their own work. "It was very easy. We can put the code wherever we want," said Ortega. "We're not using a vulnerability in any way. I'm not sure if you understand the impact of this. We can reinfect the BIOS every time it reboots." Sacco and Ortega stressed that in order to execute the attacks you need either root privileges or physical access to the machine in question, which limits the scope. "We can patch a driver to drop a fully working rootkit. We even have a little code that can remove or disable anti-virus," Ortega said. Rob Lemos at SecurityFocus explains that the attack method requires a machine that is already compromised, but the scary part is that it completely prevents a defender from easily deleting an attacker's program or rootkit. "You can remove the hard drive, trash it, and even reinstall the operating system," Sacco said. "This will still reinstall the rootkit." In other words, there was no anti-malware product at the time that could clean a BIOS infection. Since attacks of this type are still new, we have to wait and see how they develop and what countermeasures are created. For now, since Mebromi affects only one type of BIOS, a quick first check is whether your system uses an Award BIOS at all. It was also noted that this type of attack requires the attacker to know the machine's specifications and to have access to the machine, either administrative privileges on the running system or physical access. One countermeasure is therefore to safeguard the system against physical access by someone else; the more important one is to keep an attacker from gaining administrative privileges in the first place, since Mebromi needed no physical access at all: it arrived as an ordinary dropper run by a user with administrative rights.

6. Mitigation of Vulnerabilities

BIOS-based persistent threats are very difficult to remove once a system is infected. The user has no choice but to flash the system BIOS again and bring it back to its original condition. The BIOS in ordinary computers is stored in an EEPROM (electrically erasable programmable ROM, today usually a flash chip), which can be reprogrammed with electrical signals. To flash the ROM, the user can download tools that are freely available online and install the original version of the BIOS. The problem is that flashing the ROM is a technically challenging task for an average user, and most users will find themselves clueless. If it is not done correctly, flashing can render the computer completely useless. Users who need to flash the ROM should always seek help from someone who is experienced.

Another problem with users flashing the ROM themselves is that the flashing programs run in kernel mode and therefore have a very high level of privilege over the system. If a user downloads a Trojan disguised as ROM flashing software, the user can end up with two infections instead of one, and the new Trojan will have kernel-level privileges on the system. Reflashing is also only a complete cure if the rest of the chain is cleaned at the same time: the first 14 sectors of the disk, the patched winlogon.exe or wininit.exe, and the my.sys driver must be removed or replaced, and the BIOS must be written from a known-good image obtained from the motherboard vendor, not from the C:\bios.bin copy that Mebromi leaves behind. Considering the methods for removing an infection from the ROM and the problems associated with them, the best way to mitigate BIOS-based infections is to have solid preventive measures. Preventive measures against BIOS-based threats are as follows:

Any change to the BIOS should be authenticated by the user or the system administrator. The fact that Mebromi can flash the BIOS by bypassing OS-level security reflects a weakness in the BIOS update mechanism: Mebromi only needs an exploit or a social-engineering attack to gain kernel-level privileges, after which nothing stops it from writing the flash. The BIOS should provide a second layer of security that requires the user's involvement for changes even when the malware has bypassed the OS security mechanisms, for example a physical presence check, or a flash write-protect setting that the firmware engages before it hands control to the boot loader and that the operating system cannot clear.

BIOS updates should carry the digital signature of the company issuing them, and the firmware itself should refuse to apply an unsigned or incorrectly signed image. This is the model formalized in NIST SP 800-147 (BIOS Protection Guidelines, April 2011), which calls for an authenticated update mechanism that cannot be bypassed from the operating system.

Hardware- or software-based methods can be used to check the integrity of the BIOS and look for unauthorized changes, and on detecting a change revert the BIOS to its original state. One caveat applies to the checksum approach that is often suggested here: the simple additive checksums carried by legacy BIOS images and option ROMs are not a security control, because any tool that modifies the image, including the cbrom.exe that Mebromi uses, recomputes them as a matter of course. Integrity must instead be checked with a cryptographic hash or signature against a value recorded from a trusted source, and the image being checked must be read in a way the malware cannot interfere with: from firmware before the OS loads, from a boot of trusted external media, or with an external flash programmer. Hardware-rooted measurement does exactly this; a TPM records a hash of the firmware code in PCR[0] at power-on, and comparing that measurement against the expected value reveals an injected ISA ROM regardless of what a kernel-mode rootkit hides from the OS. A mechanism of this kind detects changes to the BIOS even when the malware has circumvented all software-based security measures.
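To make the checksum caveat concrete, here is an added Python example that is not from the paper and is not modelled on any specific vendor's image format. It builds a constructed 64 KiB stand-in for a BIOS image whose bytes sum to zero, implants an option ROM carrying Mebromi's "hook rom" marker in the way Section 2.3.2 says cbrom.exe inserts hook.rom, fixes the checksum back up, and then shows that only a SHA-256 comparison against a trusted baseline notices the change. The image layout, the pad-byte position and all function names are assumptions made for this example.

```python
import hashlib
import hmac

ROM_MARKER = b"hook rom"          # Mebromi's infection marker inside the ISA ROM (Section 2.3.2)
IMAGE_SIZE = 64 * 1024            # assumed image size for the constructed sample
PAD_OFFSET = IMAGE_SIZE - 1       # assumed position of the checksum pad byte


def byte_checksum(image):
    """8-bit additive checksum; a consistent legacy ROM image sums to zero mod 256."""
    return sum(image) & 0xFF


def fix_up_checksum(image, pad_offset):
    """Recompute the pad byte so the image sums to zero again. Any ROM editing tool does
    this after a modification, which is why the checksum is useless as an integrity control."""
    out = bytearray(image)
    out[pad_offset] = 0
    out[pad_offset] = (-sum(out)) & 0xFF
    return bytes(out)


def sha256_hex(image):
    return hashlib.sha256(image).hexdigest()


def verify_against_baseline(image, baseline_sha256_hex):
    """Constant-time comparison against a hash recorded from a trusted source."""
    return hmac.compare_digest(sha256_hex(image), baseline_sha256_hex)


def golden_image():
    """Constructed known-good image: 0xFF padding, one fake module, consistent checksum."""
    img = bytearray(b"\xFF" * IMAGE_SIZE)
    img[0x1000:0x1010] = b"AwardBIOS-module"
    return fix_up_checksum(bytes(img), PAD_OFFSET)


def implant(image, offset=0x2000):
    """Model the attacker's step: drop an option ROM (55 AA header, size byte, marker, stub)
    into free space, then make the image look consistent again."""
    out = bytearray(image)
    rom = b"\x55\xAA\x10" + ROM_MARKER + b"\x90" * 0x20
    out[offset:offset + len(rom)] = rom
    return fix_up_checksum(bytes(out), PAD_OFFSET)


if __name__ == "__main__":
    gold = golden_image()
    bad = implant(gold)
    baseline = sha256_hex(gold)
    print("checksum passes on tampered image:", byte_checksum(bad) == 0)      # True
    print("hash matches on tampered image:   ", verify_against_baseline(bad, baseline))  # False
```

The baseline hash has to come from somewhere the attacker cannot reach: the vendor's published value for that exact BIOS version, or a measurement taken before deployment and stored off the machine or in a TPM PCR. The dump being compared must likewise be taken from outside the running OS, because Mebromi's my.sys driver sits in the disk I/O path and a driver of the same kind could just as easily sit in the path of a software flash-dump tool.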

7. Future Advanced Persistent Attacks

A persistent BIOS threat works at a very low level and can serve an attacker in many ways, because an antivirus cannot stop the malware's execution when it runs at such an early stage. With the Mebromi rootkit found in the wild, BIOS infections are no longer a concept from the future; such attacks are already here. A few more things that persistent malware in the BIOS would be capable of:

Infecting other devices such as mobile phones and tablets. These devices do not use a PC BIOS, but they do depend on boot firmware of their own (a boot ROM and bootloader stored in flash), and infecting that firmware gives an attacker the same advantage. The infection cannot be monitored from the OS because it is implemented at such a low level, and it is very difficult to remove without reflashing the firmware. Reflashing is even harder for a user in this case, because unlike computers these devices rarely have vendor tools available online that let a user rewrite the firmware. Once an attacker has infected the boot firmware of such a device, the possible attacks are almost as limitless as on a computer: the malware can steal personal data, monitor calls, SMS or data used on the phone, send out spam, and so on.

SMM rootkits. System Management Mode is a special operating mode of Intel processors, used for power management and other functions that are independent of the operating system. Malware can execute in SMM, which has its own memory space (SMRAM), but doing so is difficult: SMM rootkits are hard to implement because of the lock that the BIOS sets on SMRAM as a safety measure (on Intel chipsets the D_LCK bit of the SMRAM control register, which cannot be cleared until the next reset). There are ways to bypass this lock, but the situation is entirely different when the malware is injected by the BIOS itself, because then the malicious code is placed and executed before the lock is set. This is a very effective place for malware and can be used for things like logging keystrokes, or talking directly to the network card to send and receive data while bypassing the kernel entirely.

Generic BIOS rootkits. Mebromi is not a generic rootkit; it targets one specific BIOS family. Writing BIOS code is not easy, and although every PC BIOS runs on the same x86 instruction set, each vendor's image has a different layout, module format, checksum scheme, and flashing procedure. So although it is very difficult, it is quite likely that we will see a more generic BIOS rootkit in the future, capable of infecting the BIOS from all four major BIOS vendors.

8. Conclusion

Advanced persistent attacks have now become a reality, and Mebromi is the prime example of a persistent attack. By attacking the BIOS, the computer is constantly re-infected, as the payload is released onto the OS every time the computer boots. The correct security measures will need to be implemented to protect the BIOS from future malware like Mebromi. As computers and programming languages evolve, attackers are finding new ways to attack the system. This problem will only grow until a new approach to protecting the BIOS has been developed. Mebromi has set the standard for BIOS malware, and the only thing left to do is to secure the BIOS environment or wait and see whether newer forms of malware like Mebromi appear in the wild and cripple our computing infrastructure.

REFERENCES

[1] Bowman, M., Debray, S. K., and Peterson, L. L. (1993). Reasoning about naming systems. ACM Trans. Program. Lang. Syst. 15(5), 795-825. DOI: http://doi.acm.org/10.1145/161468.16147

[2] Burns, E. (n.d.). What is an MBR rootkit? Retrieved from http://www.ehow.com/facts_6949622_mbr-rootkit_.html

[3] Master, D. (2011, September 15). BIOS rootkit Trojan dropper attacks Award Phoenix Technologies. Retrieved from http://nwlinux.com/bios-rootkit-award-phoenix-technologies/

[4] Fagerland, S. (2011, September 8). Mebromi, a BIOS-flashing Trojan [Web log message]. Retrieved from http://blogs.norman.com/2011/malware-detection-team/mebromi-a-bios-flashing-trojan

[5] Giuliani, M. (2011, September 14). Mebromi: the first BIOS rootkit in the wild [Web log message]. Retrieved from http://blog.webroot.com/2011/09/13/mebromi-the-first-bios-rootkit-in-the-wild

[6] Nash, T. (2005, September). An undirected attack against critical infrastructure. Retrieved from http://www.us-cert.gov/control_systems/pdf/undirected_attack0905.pdf

[7] Tyson, J. (n.d.). How BIOS works. Retrieved from http://computer.howstuffworks.com/bios1.htm

[8] Understanding Anti-Malware Technologies (PDF). Microsoft. Retrieved October 2011.

[9] Yuan, L. (2011, September 6). Mebromi. Retrieved from http://www.symantec.com/security_response/writeup.jsp?docid=2011-090609-4557-99&tabid=2