Advanced Persistent Attacks: BIOS Rootkit - "Mebromi"
Hamza Sirag, Nihant Bondugula, Rishabh Gupta
Graduate School of Computer Science, George Mason University, Fairfax, VA
1. Abstract
As cyberspace has evolved, malware has evolved with it. According to the United States Computer Emergency Readiness Team, malware is defined as malicious software that consists of programming (code, scripts, active content, and other software) designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, gain unauthorized access to system resources, and other abusive behavior. In the early days of cyberspace, malware primarily consisted of viruses, worms, and Trojan horses. It has since rapidly evolved to include spyware, adware, scareware, crimeware, rootkits, and other malicious software. Many types of malware have become persistent, constantly attacking a system even after the system has been disinfected. With the strength of modern anti-virus engines it has been possible to successfully eradicate most forms of malware, and if malware cannot be removed, the system can be formatted and the OS reinstalled. Even though malware removal can be a complicated task even with the proper software, the techniques associated with it have been very successful. Recently, anti-malware software provider Webroot announced that a Chinese security company had blogged about the first BIOS rootkit released in the wild, known as "Mebromi". Our research examines Mebromi and provides a deep analysis of this newly found advanced persistent attack. We also try to explain the implications of malware targeting the BIOS. Our research explains the technological vulnerabilities associated with Mebromi, the tools that take advantage of those vulnerabilities, their mitigation, the future of advanced persistent attacks and of BIOS targeting, and closes with a conclusion summarizing our research.
2. Analysis
2.1 BIOS
According to PC Guide, BIOS stands for basic input/output system. The system BIOS is the lowest-level software in the computer; it acts as an interface between the hardware (especially the chipset and processor) and the operating system. The BIOS provides access to the system hardware and enables the higher-level operating systems that need to run in order to execute applications. The BIOS is also responsible for allowing users to control the computer's hardware settings and various other system functions. According to How Stuff Works, the BIOS is stored on a non-volatile ROM chip on the motherboard. The BIOS is the first code run by a computer when powered on ('boot firmware'). When the computer starts up, the first job of the BIOS is to initialize and identify system devices such as the video display card, keyboard and mouse, hard disk drive, optical disc drive and other hardware. The BIOS then locates the boot loader software held on a peripheral device (designated as a 'boot device'), such as a hard disk or a CD/DVD, and loads and executes that software, giving it control of the computer.
2.2 Rootkit
According to McAfee, a rootkit is defined as software that enables continued privileged access to a computer while actively hiding its presence from administrators by subverting standard operating system functionality or other applications. The term rootkit is a concatenation of "root" (the traditional name of the privileged account on Unix operating systems) and the word "kit" (which refers to the software components that implement the tool). The term "rootkit" has negative connotations through its association with malware.
2.3 Mebromi
According to Marco Giuliani of Webroot, a Chinese security company called Qihoo 360 recently blogged about a new BIOS rootkit hitting Chinese computers, nicknamed "BMW." This turned out to be a very interesting discovery, as it appears to be the first real malware targeting the system BIOS since a well-known proof of concept called IceLord in 2007. The malware is called Mebromi and contains a bit of everything: a BIOS rootkit specifically targeting Award BIOS, an MBR rootkit, a kernel mode rootkit, a PE file infector and a Trojan downloader. At this time, Mebromi is not designed to infect 64-bit operating systems, and it is not able to infect the system if run with limited privileges.
2.3.1 History of BIOS Rootkits
The first attempt at attacking the BIOS was made in 1998. The CIH/Chernobyl infection was an infamous virus that was able to flash the motherboard BIOS and erase it; by erasing the BIOS, the computer became completely paralyzed. According to Marco Giuliani, the CIH/Chernobyl virus exploited a privilege escalation bug in the Windows 9x operating system which allowed it to overwrite the Interrupt Descriptor Table with its own payload from user mode and then trigger the overwritten interrupt handler, so that its malicious code executed in kernel mode. In 2007 a well-known proof of concept of a BIOS rootkit called IceLord was developed, which affected only Award BIOS systems.
2.3.2 How Mebromi Operates
According to Marco Giuliani, Mebromi first loads its own kernel mode driver, which handles the BIOS infection. The infection begins with a small encrypted dropper that contains five encrypted resource files: hook.rom, flash.dll, cbrom.exe, my.sys and bios.sys. The dropper loads the driver in one of two ways: it either extracts and loads the flash.dll library, which in turn loads the bios.sys driver, or it stops the beep.sys service, overwrites the beep.sys driver with its own bios.sys code, restarts the service and then restores the original beep.sys code. The bios.sys driver is the code that handles the BIOS infection. To read the BIOS code, it needs to map the physical memory at address 0xF0000, which is where the BIOS ROM usually resides. Once read, the driver verifies whether the BIOS ROM is an Award BIOS by checking for the presence of the string $@AWDFLA. If found, the driver tries to locate the SMI port that will be used by the rootkit to flash the BIOS ROM. If the BIOS ROM matches the string, the rootkit saves a copy of the BIOS to the file C:\bios.bin and passes the next step to the user mode component of the infection.
The dropper extracts two files: cbrom.exe and hook.rom. Cbrom.exe is a legitimate tool developed by Phoenix Technologies, used to modify Award/Phoenix BIOS ROM binaries. Hook.rom is the rootkit's ISA BIOS ROM that is added to the BIOS binary, containing the rootkit infection. The dropper executes cbrom.exe with the /isa switch, passing the hook.rom file. Before actually injecting the malicious ISA ROM, the dropper checks the BIOS ROM code for the string "hook rom", used as a marker of the infection. If found, the BIOS is already infected and does not need to be infected again. Once the bios.bin file has been modified, the bios.sys driver sends the command 0x29 to the BIOS SMI port, used to erase the BIOS flash, and then the command 0x2F, used to write the new BIOS ROM code to the BIOS ROM.
The BIOS is now infected, and the dropper goes on to its next step: infecting the Master Boot Record. The infection is 14 sectors long and the original MBR is stored in sector 7. To avoid potential startup issues, the infected MBR stores a copy of the original MBR's partition table. Finally, the dropper extracts the my.sys driver to the root of the C: drive. My.sys is a kernel mode rootkit that hijacks disk.sys's IRP major functions by redirecting the IRP_MJ_READ/WRITE and IRP_MJ_DEVICE_CONTROL native functions. It is used to hide the infection on the disk. Even if the BIOS infection does not succeed, the rootkit still infects the MBR.
At the next system startup, after the BIOS POST phase, the malicious code injected into the BIOS prepares the full MBR infection (all of the first 14 sectors are stored inside the malicious BIOS ROM, 7168 bytes in total) and checks the MBR code of the hard drive to see whether the infection is already present. To do this, the malicious BIOS code checks for the presence of the string "int1" at offset 0x92. If the string is not found, the malicious BIOS ROM overwrites all of the first 14 sectors of the hard drive, thus restoring the MBR infection. The system startup procedure continues and control now passes to the malicious master boot record. Here the malicious payload analyzes the original MBR partition table and looks for the active partition, checking whether it uses an NTFS or FAT32 file system. The malicious MBR code contains NTFS/FAT32 parser routines, used to get inside the file system and look for the winlogon.exe or wininit.exe file. When found, the malicious code's file infection payload injects malicious code inside the specified file and hijacks its entry point. Before infecting the file, the malicious MBR code checks whether it is already infected by looking for the string "cnns" at offset 0x50 from the beginning of the PE file; this is the infection marker. If the string is not found, the infection stores an encrypted payload, about 600 bytes of code, inside winlogon.exe or wininit.exe and hijacks the PE entry point to the beginning of it, saving the original entry point at offset 0x60. The job of the MBR infection ends here, waiting for the Windows startup that will load the patched executable. When loaded, the payload self-decrypts its malicious code and loads the my.sys driver into memory. Then it tries to download an additional infection from the (now unavailable) URL: http://dh.3515.info:806/test/91/calc.
According to Marco Giuliani, the infection is clearly focused on Chinese users, because the dropper carefully checks whether the system it is going to infect is protected by the Chinese security software Rising Antivirus or Jiangmin KV Antivirus. To gain access to the BIOS, the infection first needs to be loaded in kernel mode so that it can work with physical memory instead of virtual memory.
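The markers and offsets described above (the $@AWDFLA string and "hook rom" marker in the BIOS dump, "int1" at 0x92 of the MBR with the original MBR kept in sector 7, "cnns" at 0x50 of the PE with the saved entry point at 0x60) are enough to write a small forensic scanner. The following Python is an added example and not code from the paper or from any of the cited researchers; it assumes 0-based sector numbering and a 4-byte little-endian saved entry point, and all sample data is constructed inline.

```python
import struct

SECTOR = 512
AWARD_ID = b"$@AWDFLA"                      # Award BIOS identification string (from the paper)
BIOS_MARKER = b"hook rom"                   # marker Mebromi leaves in an infected BIOS ROM
MBR_MARKER, MBR_MARKER_OFF = b"int1", 0x92  # MBR infection marker and its offset
PE_MARKER, PE_MARKER_OFF = b"cnns", 0x50    # PE infection marker and its offset
PE_OEP_OFF = 0x60                           # where the original entry point is saved
INFECTION_SECTORS = 14                      # the MBR infection spans the first 14 sectors
BACKUP_SECTOR = 7                           # the original MBR is stored in sector 7
PT_OFF, PT_LEN = 0x1BE, 64                  # partition table location inside an MBR


def scan_bios(rom: bytes) -> dict:
    """Classify a BIOS ROM dump (e.g. the C:\\bios.bin copy Mebromi writes)."""
    return {"award": AWARD_ID in rom, "infected": BIOS_MARKER in rom}


def scan_mbr(disk_head: bytes) -> dict:
    """Inspect the first 14 sectors of a disk image.

    If the 'int1' marker is present, pull the original MBR out of the backup
    sector and cross-check it: valid 0x55AA signature, and a partition table
    identical to the one the infected MBR kept (the paper says it copies it).
    Assumption: sectors are numbered from 0, so sector 7 starts at byte 7*512.
    """
    if len(disk_head) < INFECTION_SECTORS * SECTOR:
        raise ValueError("need at least the first 14 sectors")
    mbr = disk_head[:SECTOR]
    infected = mbr[MBR_MARKER_OFF:MBR_MARKER_OFF + 4] == MBR_MARKER
    result = {"infected": infected, "original_mbr": None, "partition_table_ok": None}
    if infected:
        orig = disk_head[BACKUP_SECTOR * SECTOR:(BACKUP_SECTOR + 1) * SECTOR]
        valid_sig = orig[510:512] == b"\x55\xaa"
        same_pt = orig[PT_OFF:PT_OFF + PT_LEN] == mbr[PT_OFF:PT_OFF + PT_LEN]
        result["original_mbr"] = orig if valid_sig else None
        result["partition_table_ok"] = valid_sig and same_pt
    return result


def scan_pe(pe: bytes) -> dict:
    """Check a PE (winlogon.exe / wininit.exe) for the 'cnns' marker.

    Assumption: the saved original entry point at 0x60 is a 4-byte
    little-endian value; the paper gives the offset but not the encoding.
    """
    if pe[:2] != b"MZ":
        raise ValueError("not a PE/MZ file")
    infected = pe[PE_MARKER_OFF:PE_MARKER_OFF + 4] == PE_MARKER
    oep = struct.unpack_from("<I", pe, PE_OEP_OFF)[0] if infected else None
    return {"infected": infected, "saved_entry_point": oep}


def build_sample_disk(infected: bool) -> bytes:
    """Constructed 14-sector disk image for demonstration (not real malware bytes)."""
    clean = bytearray(SECTOR)
    clean[PT_OFF:PT_OFF + 5] = bytes([0x80, 0x01, 0x01, 0x00, 0x07])  # one active NTFS-type entry
    clean[510:512] = b"\x55\xaa"
    head = bytearray(INFECTION_SECTORS * SECTOR)
    head[:SECTOR] = clean
    if infected:
        head[MBR_MARKER_OFF:MBR_MARKER_OFF + 4] = MBR_MARKER              # marker in sector 0
        head[BACKUP_SECTOR * SECTOR:(BACKUP_SECTOR + 1) * SECTOR] = clean  # backup in sector 7
    return bytes(head)


if __name__ == "__main__":
    print(scan_bios(b"...$@AWDFLA...hook rom..."))
    print(scan_mbr(build_sample_disk(True))["partition_table_ok"])
```

On a real system the inputs would be the BIOS dump, the first 14 sectors read from the physical disk (ideally from an offline image, since my.sys hides the infection from the running OS), and the two system executables.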
Mebromi is composed of various forms of malware. It contains not only a standard rootkit but also an MBR rootkit. According to Elizabeth Burns, citing F-Secure, an MBR rootkit is a malicious program that attacks a Windows computer's Master Boot Record, which is the part of the system's hard drive used during the start-up process. Mebromi also contains a kernel mode rootkit. According to Microsoft, kernel mode rootkits run with the highest operating system privileges (Ring 0) by adding code to or replacing portions of the core operating system, including both the kernel and associated device drivers. Most operating systems support kernel-mode device drivers, which execute with the same privileges as the operating system itself. As such, many kernel-mode rootkits are developed as device drivers or loadable modules, such as loadable kernel modules in Linux or device drivers in Microsoft Windows. This class of rootkit has unrestricted security access but is more difficult to write. Kernel rootkits can be especially difficult to detect and remove because they operate at the same security level as the operating system itself, and are thus able to intercept or subvert the most trusted operating system operations. Any software, such as antivirus software, running on the compromised system is equally vulnerable. Operating systems are evolving to counter the threat of kernel-mode rootkits. For example, 64-bit editions of Microsoft Windows now implement mandatory signing of all kernel-level drivers in order to make it more difficult for untrusted code to execute. Mebromi also contains a PE file infector. A PE file infector is an infection-based attack that targets the Windows PE file environment. Mebromi is also made up of a Trojan downloader. According to F-Secure, a Trojan downloader is a type of Trojan that secretly downloads malicious files from a remote server, then installs and executes the files.
3. Technology Vulnerabilities
Mebromi is a rootkit that checks upon execution whether the system being infected uses the Award BIOS. If it does, Mebromi infects the BIOS and then installs an MBR rootkit that infects the Master Boot Record. But one would ask: why only the Award BIOS? Researchers are still trying to find the answer to why these attackers chose only the Award BIOS. One possible reason is that in 2007 there was a similar proof of concept, the IceLord BIOS rootkit, which targeted the Award BIOS and used a similar approach to Mebromi. Many believe that Mebromi is an extension of that 2007 proof of concept that attacked the Award BIOS. The benefit of taking advantage of this vulnerability is that the attack is persistent. Mebromi targets the Award BIOS and attaches itself to it so that it can infect a client computer over and over again. The malware then infects the master boot record in order to infect winlogon.exe or wininit.exe, which in turn lets it use Windows to download additional malware. There is no easy way to get rid of Mebromi at this time, as traditional anti-virus software won't reach down to the BIOS level. In other words, if we compare the system to a human body, ordinary viruses infect the bloodstream, whereas Mebromi infects the heart itself and then takes control of the entire body.
4. Tools that Take Advantage of Vulnerabilities
Currently there is no specific "tool" that takes advantage of the mentioned vulnerabilities besides Mebromi. According to Webroot, "storing the malicious code inside the BIOS ROM could actually become more than just a problem for security software, given the fact that even if an antivirus detects and cleans the MBR infection, it will be restored at the next system startup when the malicious BIOS payload would overwrite the MBR code again."
Infecting the BIOS should allow the malware to gain control of all the boot-up stages of the computer. Malware can be injected into the operating system during the boot-up stage directly from the BIOS. Kaspersky Lab security expert Alexander Gostev explains that BIOS infection remains largely a proof of concept, particularly because the BIOS differs from one PC to another. Thus, the virus author has to get hold of BIOS firmware information from each PC manufacturer to be able to conduct massive attacks. "The rootkit detected in September is designed to infect BIOS manufactured by Award and appears to have originated in China. The Trojan's code is clearly unfinished and contains debug information, but we have verified its functionality and it works."
5. Benefit of Taking Advantage of these Vulnerabilities
This type of attack does not use any vulnerability in particular, but it does have a set of limitations that must be met to successfully carry out the attack. "It was very easy. We can put the code wherever we want," said Ortega. "We're not using a vulnerability in any way. I'm not sure if you understand the impact of this. We can reinfect the BIOS every time it reboots." Sacco and Ortega stressed that in order to execute the attacks, you need either root privileges or physical access to the machine in question, which limits the scope. "We can patch a driver to drop a fully working rootkit. We even have a little code that can remove or disable anti-virus," Ortega said. Rob Lemos at SecurityFocus explains that the attack method requires the use of a machine that's already compromised, but the scary part is that it completely prevents a defender from easily deleting an attacker's program or rootkit. "You can remove the hard drive, trash it, and even reinstall the operating system," Sacco said. "This will still reinstall the rootkit." In other words, there is no anti-malware available for BIOS infections. Since these types of attacks are still new to the hacking world, we have to wait and see how they develop and what countermeasures are created. For now, since this only affects one type of BIOS (Award), a quick check is to see whether your system has this BIOS or not. It was also mentioned that for this type of attack the attacker needs to know the machine specifications and needs access to the machine, so a countermeasure would be to safeguard your system from being physically accessed by someone else.
6. Mitigation of Vulnerabilities
BIOS-based persistent threats are very difficult to remove once a system is infected. A user has no choice but to flash the BIOS of the system again and bring it back to its original condition. The BIOS chips used in normal computers are EEPROMs, or Electrically Erasable Programmable ROMs, which can be reprogrammed with electrical signals. To flash the ROM, a user can download tools which are available for free online and then install the original version of the BIOS. The problem here is that flashing the ROM is a technically challenging task for an average user, and most users will find themselves clueless. Also, if not done correctly, flashing can render a computer completely useless. Thus, to flash the ROM, users should always seek help from someone who is experienced.
Another problem with users flashing the ROM themselves is that the programs that flash ROMs run in kernel mode and thus have a very high level of privilege as far as making changes to the system is concerned. If a user downloads a Trojan that looks like ROM flashing software, the user can end up with two infections instead of one, and the new Trojan will have kernel-level privileges on the system. Considering the above-mentioned methods to remove an infection from the ROM and the problems associated with them, the best way to mitigate BIOS-based infections is to have really solid preventive measures. Preventive measures to mitigate BIOS-based threats are as follows:
Any changes made to the BIOS should be authenticated by the user or the system admin. The fact that Mebromi can flash the BIOS by bypassing OS-level security reflects the weakness in the BIOS update mechanism. Mebromi can use some kind of exploit or a social engineering attack to gain kernel-level privileges and then flash the ROM. The BIOS should have a second layer of security that requires the user to approve changes even if the malware has bypassed the OS security mechanisms.
Changes to the BIOS or BIOS updates should carry the digital signature of the company issuing the BIOS updates.
Hardware- or software-based methods can be used to check the integrity of the BIOS and look for any unauthorized changes. On detecting any changes, these mechanisms can revert the BIOS to its original state. The integrity of the BIOS can be checked at the hardware level by a checksum of the BIOS. This mechanism will prevent changes to the BIOS even if the malware circumvents all the software-based security measures.
7. Future Advanced Persistent Attacks
The persistent BIOS threat works at a very low level and can be used for quite a few purposes by an attacker, because an antivirus cannot stop the malware's execution if it is executed at such an early stage. With the Mebromi rootkit having been found in the wild, BIOS infections are no longer a concept from the future; such attacks are already here. Here are a few more things that persistent malware in the BIOS would be capable of:
Infecting other devices like mobile phones and tablets: These devices use a BIOS for their functioning. Infecting the BIOS in such devices gives an attacker a major advantage. The infection cannot be monitored because it is implemented at a very low level, and it is very difficult to remove such infections without flashing the ROM. Flashing the ROM becomes even more difficult for a user in such cases because, unlike computers, these devices do not have applications available online that enable a user to flash the ROM. Once an attacker successfully infects the BIOS of these devices, the possibilities for attacks are almost as limitless as on a computer. The malware can steal personal data, monitor calls, SMS or data being used on the phone, send out spam, etc.
SMM rootkits: System Management Mode is a special mode used by Intel processors to manage power and other functions that are independent of the operating system. Malware can be executed in SMM, as it has its own memory space, but it is difficult to do so. SMM rootkits are difficult to implement because of the lock that is set by the BIOS on it as a safety measure. There are ways to bypass this lock, but it is an entirely different case if such malware is injected by the BIOS, because in that case the malicious code will be injected and executed before the lock is set. This is a very effective place to inject malware and can be used for things like logging keystrokes and/or directly communicating with the network card, bypassing the kernel to send out or receive data.
Generic BIOS rootkits: Mebromi is not a generic rootkit; it targets a specific BIOS. This is because it is not easy to implement BIOS code and every BIOS has a different instruction set. So although it is very difficult to do, it is very likely that we will see a more generic BIOS rootkit in the future, capable of infecting the BIOS from all four major BIOS makers.
8. Conclusion
Advanced persistent attacks have now become a reality. Mebromi is the greatest example of a persistent attack. By attacking the BIOS, a computer will constantly get infected, as the payload is released onto the OS every time the computer is in the process of booting. The correct security measures will need to be implemented to protect the BIOS from future forms of malware such as Mebromi attacking the system BIOS. As computers and programming languages evolve, attackers are finding new ways to attack the system. This issue will only grow in the future until a new approach to protecting the BIOS has been developed. Mebromi has set the standard for BIOS malware, and the only thing left to do is to secure the BIOS environment or wait and see if newer forms of malware like Mebromi appear in the wild, crippling our entire computing infrastructure.
REFERENCES
[1] Bowman, M., Debray, S. K., and Peterson, L. L. (1993). Reasoning about naming systems. ACM Trans. Program. Lang. Syst. 15, 5 (Nov. 1993), 795-825. DOI: http://doi.acm.org/10.1145/161468.16147
[2] Burns, E. (n.d.). What is an MBR rootkit? Retrieved from http://www.ehow.com/facts_6949622_mbr-rootkit_.html
[3] Master, D. (2011, September 15). BIOS rootkit trojan dropper attacks Award Phoenix Technologies. Retrieved from http://nwlinux.com/bios-rootkit-award-phoenix-technologies/
[4] Fagerland, S. (2011, September 8). Mebromi, a BIOS-flashing trojan [Web log message]. Retrieved from http://blogs.norman.com/2011/malware-detection-team/mebromi-a-bios-flashing-trojan
[5] Giuliani, M. (2011, September 14). Mebromi: the first BIOS rootkit in the wild [Web log message]. Retrieved from http://blog.webroot.com/2011/09/13/mebromi-the-first-bios-rootkit-in-the-wild
[6] Nash, T. (2005, September). An undirected attack against critical infrastructure. Retrieved from http://www.us-cert.gov/control_systems/pdf/undirected_attack0905.pdf
[7] Tyson, J. (n.d.). How BIOS works. Retrieved from http://computer.howstuffworks.com/bios1.htm
[8] Microsoft. "Understanding Anti-Malware Technologies" (PDF). Retrieved 2011-10.
[9] Yuan, L. (2011, September 6). Mebromi. Retrieved from http://www.symantec.com/security_response/writeup.jsp?docid=2011-090609-4557-99&tabid=2