
Advanced Persistent Attacks: BIOS Rootkit - Mebromi

Hamza Sirag, Nihant Bondugula, Rishabh Gupta
Graduate School of Computer Science, George Mason University, Fairfax, VA

1. Abstract

As cyberspace has evolved, malware has evolved with it. The United States Computer Emergency Readiness Team defines malware as malicious software that consists of programming (code, scripts, active content, and other software) designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, gain unauthorized access to system resources, and other abusive behavior. In the early days of cyberspace, malware consisted primarily of viruses, worms, and Trojan horses. It has since evolved rapidly to include spyware, adware, scareware, crimeware, rootkits, and other malicious software. Many types of malware have become persistent, constantly re-attacking a system even after it has been disinfected. With the strength of modern anti-virus engines it has been possible to eradicate most forms of malware; if a piece of malware cannot be removed, the system can be formatted and the OS reinstalled. Even though malware removal can be a complicated task even with the proper software, the techniques associated with it have been very successful. Recently, anti-malware vendor Webroot reported that a Chinese security company had blogged about the first BIOS rootkit found in the wild, known as Mebromi. Our research examines Mebromi and provides a deep analysis of this newly found advanced persistent attack. We also explain the implications of malware that targets the BIOS. Our research covers the technological vulnerabilities associated with Mebromi, the tools that take advantage of those vulnerabilities, mitigation of the vulnerabilities, the future of advanced persistent attacks, the future of BIOS targeting, and a conclusion summarizing our research.

2. Analysis

2.1 BIOS

According to PC Guide, BIOS stands for basic input/output system. The system BIOS is the lowest-level software in the computer; it acts as an interface between the hardware (especially the chipset and processor) and the operating system. The BIOS provides access to the system hardware and enables the higher-level operating system that must run in order to execute applications. The BIOS is also responsible for allowing users to control the computer's hardware settings and various other system functions. According to How Stuff Works, the BIOS is stored on a non-volatile ROM chip on the motherboard. It is the first code run by a computer when powered on ("boot firmware"). When the computer starts up, the first job of the BIOS is to initialize and identify system devices such as the video display card, keyboard and mouse, hard disk drive, optical disc drive and other hardware. The BIOS then locates the boot loader software held on a peripheral device (designated as a "boot device"), such as a hard disk or a CD/DVD, and loads and executes that software, giving it control of the computer.

2.2 Rootkit

According to McAfee, a rootkit is software that enables continued privileged access to a computer while actively hiding its presence from administrators by subverting standard operating system functionality or other applications. The term rootkit is a concatenation of "root" (the traditional name of the privileged account on Unix operating systems) and "kit" (the software components that implement the tool). The term "rootkit" has negative connotations through its association with malware.

2.3 Mebromi

According to Marco Giuliani of Webroot, a Chinese security company called Qihoo 360 recently blogged about a new BIOS rootkit hitting Chinese computers, nicknamed BMW. This turned out to be a very interesting discovery, as it appears to be the first real malware targeting the system BIOS since a well-known proof of concept called IceLord in 2007. The malware is called Mebromi and contains a bit of everything: a BIOS rootkit specifically targeting Award BIOS, an MBR rootkit, a kernel mode rootkit, a PE file infector and a Trojan downloader. At this time, Mebromi is not designed to infect 64-bit operating systems, and it cannot infect the system if run with limited privileges.

2.3.1 History of BIOS Rootkits

The first attempt at attacking the BIOS came in 1998. The CIH/Chernobyl virus was infamous for being able to flash the motherboard BIOS and erase it; with the BIOS erased, the computer was completely paralyzed. According to Marco Giuliani, CIH/Chernobyl exploited a privilege escalation bug in the Windows 9x operating system that allowed it to overwrite the Interrupt Descriptor Table with its own payload from user mode, then trigger the overwritten interrupt handler so that its malicious code executed in kernel mode. In 2007 a well-known proof of concept of a BIOS rootkit called IceLord was developed, which affected only Award BIOS systems.

2.3.2 How Mebromi Operates

According to Marco Giuliani, the Mebromi infection begins with a small encrypted dropper that contains five crypted resource files: hook.rom, flash.dll, cbrom.exe, my.sys and bios.sys. Mebromi first loads its own kernel mode driver, which handles the BIOS infection. To do so it uses one of two methods: it either extracts and loads the flash.dll library, which loads the bios.sys driver, or it stops the beep.sys service, overwrites the beep.sys driver with its own bios.sys code, restarts the service and then restores the original beep.sys code. The bios.sys driver is the code that handles the BIOS infection. To read the BIOS code it maps the physical memory at address 0xF0000, which is where the BIOS ROM usually resides. Once read, the driver verifies whether the BIOS ROM is an Award BIOS by checking for the presence of the string $@AWDFLA. If found, the driver tries to locate the SMI port that the rootkit will use to flash the BIOS ROM. If the BIOS ROM matches the string, the rootkit saves a copy of the BIOS to the file C:\bios.bin and passes the next step to the user mode component of the infection. The dropper extracts two files: cbrom.exe and hook.rom. Cbrom.exe is a legitimate tool developed by Phoenix Technologies, used to modify Award/Phoenix BIOS ROM binaries. Hook.rom is the rootkit's ISA BIOS ROM that is added to the BIOS binary, and it contains the rootkit infection. The dropper executes cbrom.exe with the /isa switch, passing the hook.rom file. Before actually injecting the malicious ISA ROM, the dropper checks the BIOS ROM code for the string "hook rom", which is used as a marker of the infection. If it is found, the BIOS is already infected and does not need to be infected again.

After the bios.bin file has been modified, the bios.sys driver sends the BIOS SMI port the command 0x29, used to erase the BIOS flash, and then the command 0x2F, used to write the new BIOS ROM code to the BIOS ROM. The BIOS is now infected, and the dropper goes to its next step: infecting the Master Boot Record. The infection is 14 sectors long and the original MBR is stored in sector 7. To avoid potential startup issues, the infected MBR stores a copy of the original MBR's partition table. Finally, the dropper extracts the my.sys driver to the root of the C: drive. My.sys is a kernel mode rootkit that hijacks disk.sys's IRP major functions by redirecting the IRP_MJ_READ/WRITE and IRP_MJ_DEVICE_CONTROL native functions; it is used to hide the infection on the disk. Even if the BIOS infection does not succeed, the rootkit still infects the MBR.

At the next system startup, after the BIOS POST phase, the malicious code injected into the BIOS prepares the full MBR infection (all of the first 14 sectors are stored inside the malicious BIOS ROM, 7168 bytes in total) and checks the MBR code of the hard drive to see whether the infection is already present. To do this, the malicious BIOS code checks for the string int1 at offset 0x92. If the string is not found, the malicious BIOS ROM overwrites all of the first 14 sectors of the hard drive, thus restoring the MBR infection. The system startup procedure continues and control now passes to the malicious master boot record. Here the malicious payload analyzes the original MBR partition table and looks for the active partition, checking whether it uses an NTFS or FAT32 file system. The malicious MBR code indeed contains NTFS/FAT32 parser routines, used to get inside the file system and look for the winlogon.exe or wininit.exe file. The malicious code contains a file infection payload able to inject malicious code into the specified file and hijack its entry point. Before infecting the file, the malicious MBR code checks whether it is already infected by looking for the string cnns at offset 0x50 from the beginning of the PE file; this is the infection marker.

If the string is not found, the infection stores a crypted payload of about 600 bytes of code inside winlogon.exe or wininit.exe and hijacks the PE entry point to point to the beginning of it, saving the original entry point at offset 0x60. The job of the MBR infection ends here, waiting for the Windows startup that will load the patched executable. When loaded, the payload self-decrypts its malicious code and loads the my.sys driver into memory. Then it tries to download an additional infection from the (now unavailable) URL: http://dh.3515.info:806/test/91/calc. According to Marco Giuliani, the infection is clearly focused on Chinese users, because the dropper carefully checks whether the system it is going to infect is protected by the Chinese security software Rising Antivirus or Jiangmin KV Antivirus.

To gain access to the BIOS, the infection first needs to be loaded in kernel mode so that it can work with physical memory instead of virtual memory. Mebromi is composed of various forms of malware. Mebromi not only contains a standard rootkit but also contains an MBR rootkit. According to Elizabeth Burns, citing F-Secure, an MBR rootkit is a malicious program that attacks a Windows computer's Master Boot Record, the part of the system's hard drive used during the start-up process. Mebromi also contains a kernel mode rootkit. According to Microsoft, kernel mode rootkits run with the highest operating system privileges (Ring 0) by adding code or replacing portions of the core operating system, including both the kernel and associated device drivers. Most operating systems support kernel-mode device drivers, which execute with the same privileges as the operating system itself. As such, many kernel-mode rootkits are developed as device drivers or loadable modules, such as loadable kernel modules in Linux or device drivers in Microsoft Windows. This class of rootkit has unrestricted security access, but is more difficult to write. Kernel rootkits can be especially difficult to detect and remove because they operate at the same security level as the operating system itself, and are thus able to intercept or subvert the most trusted operating system operations. Any software, such as antivirus software, running on the compromised system is equally vulnerable. Operating systems are evolving to counter the threat of kernel-mode rootkits.
For example, 64-bit editions of Microsoft Windows now implement mandatory signing of all kernel-level drivers in order to make it more difficult for untrusted code to execute. Mebromi also contains a PE file infector. A PE file infector is an infection-based attack that targets Windows PE (Portable Executable) files. Mebromi is also made up of a Trojan downloader. According to F-Secure, a Trojan downloader is a type of Trojan that secretly downloads malicious files from a remote server, then installs and executes the files.

3. Technology Vulnerabilities

Mebromi is a rootkit that checks upon execution whether the system being infected is using the Award BIOS. If it is, Mebromi infects the BIOS and then installs an MBR rootkit, infecting the Master Boot Record. But one might ask: why only the Award BIOS? Researchers are still trying to work out why these attackers chose only the Award BIOS. One possible reason is that in 2007 there was a similar proof of concept, the IceLord BIOS rootkit, which targeted the Award BIOS using an approach similar to Mebromi's. Many believe that Mebromi is an extension of that 2007 proof of concept. The benefit of taking advantage of this vulnerability is that the attack is persistent: Mebromi targets the Award BIOS and attaches itself to it so that it can infect a client computer over and over again. The malware then infects the master boot record in order to infect winlogon.exe or wininit.exe, which in turn lets it use Windows to download additional malware. There is no easy way to get rid of Mebromi at this time, as traditional anti-virus software does not reach down to the BIOS level. To use an analogy with the human body: where other viruses infect the bloodstream, Mebromi infects the heart itself and then takes control of the entire body.

4. Tools that Take Advantage of Vulnerabilities

Currently there is no specific tool that takes advantage of the mentioned vulnerabilities besides Mebromi.
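Because Mebromi is the only tool of this kind seen so far, the markers Section 2.3.2 describes (the $@AWDFLA string, the "hook rom" marker in the ROM, int1 at MBR offset 0x92 with the original MBR kept in sector 7, and cnns at PE offset 0x50 with the saved entry point at 0x60) give a defender something concrete to check in a BIOS dump, a raw disk image and a suspect winlogon.exe or wininit.exe. The scanner below is an added example, not code from the paper or from Webroot; the ASCII encoding of the markers, the PE header layout of the constructed sample and the sample artifacts themselves are assumptions.

```python
import struct

# Constants taken from the paper's description of Mebromi (Section 2.3.2).
SECTOR = 512
INFECTION_SECTORS = 14                       # MBR infection is 14 sectors (7168 bytes) long
BACKUP_MBR_SECTOR = 7                        # original MBR is stored in sector 7
MBR_MARKER, MBR_MARKER_OFF = b"int1", 0x92   # marker the malicious BIOS code looks for
PE_MARKER, PE_MARKER_OFF = b"cnns", 0x50     # marker in winlogon.exe / wininit.exe
PE_SAVED_OEP_OFF = 0x60                      # original entry point is saved here
AWARD_SIGNATURE = b"$@AWDFLA"                # string bios.sys uses to recognise an Award BIOS
BIOS_HOOK_MARKER = b"hook rom"               # marker of an already infected ROM (ASCII assumed)

def scan_bios_dump(image: bytes) -> dict:
    """Look at a BIOS ROM dump (e.g. the C:\\bios.bin copy) for the Award signature and hook marker."""
    return {"award": AWARD_SIGNATURE in image, "infected": BIOS_HOOK_MARKER in image}

def scan_disk_image(disk: bytes) -> dict:
    """Check the first 14 sectors of a raw disk image for the Mebromi MBR layout."""
    if len(disk) < INFECTION_SECTORS * SECTOR:
        raise ValueError("need at least the first 14 sectors of the disk")
    mbr = disk[:SECTOR]
    backup = disk[BACKUP_MBR_SECTOR * SECTOR:(BACKUP_MBR_SECTOR + 1) * SECTOR]
    marker = mbr[MBR_MARKER_OFF:MBR_MARKER_OFF + len(MBR_MARKER)] == MBR_MARKER
    # The infected MBR keeps a copy of the original partition table (64 bytes at 0x1BE)
    # so the system still boots, and sector 7 should hold a complete MBR (0x55AA at 0x1FE).
    table_copied = mbr[0x1BE:0x1FE] == backup[0x1BE:0x1FE]
    backup_is_mbr = backup[0x1FE:0x200] == b"\x55\xAA"
    return {"marker": marker, "partition_table_copied": table_copied,
            "backup_mbr_in_sector7": backup_is_mbr, "likely_infected": marker and backup_is_mbr}

def scan_pe(pe: bytes) -> dict:
    """Check a PE file for the cnns marker and compare the saved and current entry points."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    marker = pe[PE_MARKER_OFF:PE_MARKER_OFF + len(PE_MARKER)] == PE_MARKER
    saved_oep = struct.unpack_from("<I", pe, PE_SAVED_OEP_OFF)[0]
    pe_hdr = struct.unpack_from("<I", pe, 0x3C)[0]        # e_lfanew
    # AddressOfEntryPoint: PE signature (4) + COFF header (20) + 16 bytes into the optional header
    entry = struct.unpack_from("<I", pe, pe_hdr + 4 + 20 + 16)[0]
    return {"marker": marker, "saved_oep": saved_oep, "entry_point": entry,
            "entry_hijacked": marker and saved_oep != entry}

def constructed_samples() -> dict:
    """Constructed test artifacts; these are not real Mebromi samples."""
    clean_mbr = bytearray(SECTOR)
    clean_mbr[0x1BE:0x1BE + 16] = bytes([0x80, 0, 0, 0, 0x07]) + bytes(11)  # one active entry
    clean_mbr[0x1FE:0x200] = b"\x55\xAA"
    bad_mbr = bytearray(clean_mbr)
    bad_mbr[MBR_MARKER_OFF:MBR_MARKER_OFF + 4] = MBR_MARKER
    clean_disk = bytearray(INFECTION_SECTORS * SECTOR)
    clean_disk[:SECTOR] = clean_mbr
    bad_disk = bytearray(INFECTION_SECTORS * SECTOR)
    bad_disk[:SECTOR] = bad_mbr
    bad_disk[BACKUP_MBR_SECTOR * SECTOR:(BACKUP_MBR_SECTOR + 1) * SECTOR] = clean_mbr
    pe = bytearray(0x100)
    pe[:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, 0x80)                # PE header at 0x80
    pe[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<I", pe, 0x80 + 40, 0x1000)         # AddressOfEntryPoint
    clean_pe = bytes(pe)
    pe[PE_MARKER_OFF:PE_MARKER_OFF + 4] = PE_MARKER
    struct.pack_into("<I", pe, PE_SAVED_OEP_OFF, 0x1000)  # original EP saved at 0x60
    struct.pack_into("<I", pe, 0x80 + 40, 0x5000)         # EP redirected to the payload
    bios = b"\xFF" * 64 + AWARD_SIGNATURE + b"\xFF" * 64
    return {"clean_disk": bytes(clean_disk), "bad_disk": bytes(bad_disk),
            "clean_pe": clean_pe, "bad_pe": bytes(pe),
            "clean_bios": bios, "bad_bios": bios + BIOS_HOOK_MARKER}
```

Run the three scanners over the artifacts from `constructed_samples()`, or point them at a real `C:\bios.bin`, the first 7168 bytes of a disk image and a copy of winlogon.exe taken from an offline system.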
According to Webroot, "storing the malicious code inside the BIOS ROM could actually become more than just a problem for security software, given the fact that even if an antivirus detects and cleans the MBR infection, it will be restored at the next system startup when the malicious BIOS payload would overwrite the MBR code again." Infecting the BIOS should allow the malware to gain control of all the boot-up stages of the computer: malware can be injected into the operating system during the boot-up stage directly from the BIOS. Kaspersky Lab security expert Alexander Gostev explains that BIOS infection has remained a proof of concept largely because the BIOS differs from PC to PC; the virus author therefore has to obtain BIOS firmware information from each PC manufacturer to be able to conduct mass attacks. The rootkit detected in September is designed to infect BIOS manufactured by Award and appears to have originated in China. The Trojan's code is clearly unfinished and contains debug information, but we have verified its functionality and it works.

5. Benefit of Taking Advantage of these Vulnerabilities

This type of attack does not use any vulnerability in particular, but it does have a set of limitations that must be met for the attack to succeed. "It was very easy. We can put the code wherever we want," said Ortega. "We're not using a vulnerability in any way. I'm not sure if you understand the impact of this. We can reinfect the BIOS every time it reboots." Sacco and Ortega stressed that in order to execute the attacks, you need either root privileges or physical access to the machine in question, which limits the scope. "We can patch a driver to drop a fully working rootkit. We even have a little code that can remove or disable anti-virus," Ortega said. Rob Lemos at SecurityFocus explains that the attack method requires the use of a machine that is already compromised, but the scary part is that it completely prevents a defender from easily deleting an attacker's program or rootkit. "You can remove the hard drive, trash it, and even reinstall the operating system," Sacco said. "This will still reinstall the rootkit."
In other words, there is no anti-malware available for BIOS infections. Since this type of attack is still new to the hacking world, we have to wait and see how it develops and what countermeasures are created. For now, since this only affects one type of BIOS (Award), a quick check is to see whether your system has that BIOS. It was also mentioned that for this type of attack the attacker needs to know the machine's specifications and needs access to the machine, so one countermeasure is simply to safeguard your system from being physically accessed by someone else.

6. Mitigation of Vulnerabilities

BIOS-based persistent threats are very difficult to remove once a system is infected. A user has no choice but to flash the BIOS of the system again and bring it back to its original condition. The BIOS chips used in normal computers are EEPROMs, or Electrically Erasable Programmable ROMs; these ROMs can be reprogrammed with electrical signals. To flash the ROM a user can download tools that are available for free online and then install the original version of the BIOS. The problem is that flashing the ROM is a technically challenging task for an average user, and most users will find themselves clueless. Also, if not done correctly, flashing can render a computer completely useless. Thus, to flash the ROM, users should always seek help from someone who is experienced. Another problem with users flashing the ROM themselves is that the programs used to flash ROMs run in kernel mode and thus have a very high level of privilege as far as making changes to the system is concerned. If a user downloads a Trojan that looks like ROM flashing software, the user can end up with two infections instead of one, and the new Trojan will have kernel level privileges on the system. Considering the above methods of removing an infection from the ROM and the problems associated with them, the best way to mitigate BIOS-based infections is to have really solid preventive measures.
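Since re-flashing is the only remedy once the ROM is infected, catching an unauthorized change early matters, and the preventive measures that follow call for checking the BIOS against a checksum and reverting changes. As an added example (not from the paper or from any vendor's tool), the Python below compares a BIOS dump with a recorded digest of the known-good image and, on mismatch, localizes the changed bytes and flags any changed region that begins with an option ROM header, which is the form hook.rom takes when cbrom.exe grafts it in. The 0x55AA option ROM signature and length byte are general firmware knowledge rather than something the paper states, and the 16 KiB images are constructed for illustration.

```python
import hashlib
from typing import List, Tuple

# 0x55 0xAA is the standard header signature of an x86 option ROM (general firmware
# knowledge, not stated in the paper); Mebromi's hook.rom is added as an ISA option ROM.
OPTION_ROM_SIG = b"\x55\xAA"

def baseline_digest(image: bytes) -> str:
    """Digest of the known-good ROM, recorded when the vendor image was installed."""
    return hashlib.sha256(image).hexdigest()

def changed_regions(golden: bytes, current: bytes) -> List[Tuple[int, int]]:
    """Return [start, end) byte ranges where the dump differs from the golden image."""
    if len(golden) != len(current):
        raise ValueError("flash size mismatch: %d vs %d bytes" % (len(golden), len(current)))
    regions, start = [], None
    for i, (a, b) in enumerate(zip(golden, current)):
        if a != b and start is None:
            start = i
        elif a == b and start is not None:
            regions.append((start, i))
            start = None
    if start is not None:
        regions.append((start, len(golden)))
    return regions

def check_bios(golden: bytes, current: bytes, expected_digest: str) -> dict:
    """Integrity verdict: digest match, plus any changed range that looks like an inserted option ROM."""
    intact = hashlib.sha256(current).hexdigest() == expected_digest
    result = {"intact": intact, "regions": [], "option_rom_inserts": []}
    if intact:
        return result
    result["regions"] = changed_regions(golden, current)
    for start, end in result["regions"]:
        head = current[start:start + 3]
        if head[:2] == OPTION_ROM_SIG:
            # third header byte is the option ROM length in 512-byte units
            result["option_rom_inserts"].append((start, head[2] * 512))
    return result

def constructed_images() -> Tuple[bytes, bytes]:
    """Constructed golden and tampered images (not real firmware), 16 KiB each."""
    golden = bytearray(b"\xFF" * 0x4000)
    golden[0x100:0x108] = b"$@AWDFLA"                # Award marker the paper mentions
    golden[0x200:0x1000] = bytes(range(256)) * 14    # stand-in for legitimate BIOS code
    tampered = bytearray(golden)
    rom = OPTION_ROM_SIG + bytes([2]) + b"\x90" * (1024 - 3)   # 2 * 512 byte module
    tampered[0x2000:0x2000 + len(rom)] = rom         # written into free (0xFF) space
    return bytes(golden), bytes(tampered)

if __name__ == "__main__":
    golden, tampered = constructed_images()
    digest = baseline_digest(golden)
    print(check_bios(golden, golden, digest))
    print(check_bios(golden, tampered, digest))
```

On real hardware the golden image is the vendor's release file and the digest should be stored somewhere the OS cannot rewrite, otherwise a kernel-mode component like bios.sys could update both the ROM and the baseline.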
Preventive measures to mitigate BIOS-based threats are as follows. Any changes made to the BIOS should be authenticated by the user or the system admin. The fact that Mebromi can flash the BIOS by bypassing OS level security reflects the weakness in the BIOS update mechanism: Mebromi can use some kind of exploit or a social engineering attack to gain kernel level privileges and then flash the ROM. The BIOS should have a second layer of security that requires the user to approve changes even if the malware has bypassed the OS security mechanisms. Also, changes to the BIOS, or BIOS updates, should carry the digital signature of the company issuing the BIOS updates. Hardware- or software-based methods can be used to check the integrity of the BIOS and look for any unauthorized changes to it. On detecting any changes, these mechanisms can revert the BIOS to its original state. The integrity of the BIOS can be checked at the hardware level by a checksum of the BIOS. This mechanism will prevent changes to the BIOS even if the malware circumvents all the software-based security measures.

7. Future Advanced Persistent Attacks

The persistent BIOS threat works at a very low level and can be used by an attacker for quite a few purposes, because an antivirus cannot stop the malware's execution if it is executed at a stage that early. With the Mebromi rootkit found in the wild, BIOS infections are no longer a concept from the future; such attacks are already here. Here are a few more things that persistent malware in the BIOS would be capable of:

Infecting other devices like mobile phones and tablets: These devices use a BIOS for their functioning. Infecting the BIOS in such devices gives an attacker a major advantage. The infection cannot be monitored because it is implemented at a very low level, and it is very difficult to remove such infections without flashing the ROM. Flashing the ROM becomes even more difficult for a user in such cases because, unlike computers, these devices do not have applications available online that enable a user to flash the ROM.
Once an attacker successfully infects the BIOS of these devices, the possibilities for attack are almost as limitless as on a computer. The malware can steal personal data, monitor calls, SMS or data being used on the phone, send out spam, etc.

SMM rootkits: System Management Mode (SMM) is a special mode used by Intel processors to manage power and other functions independently of the operating system. Malware can be executed in SMM, as it has its own memory space, but it is difficult to do so. SMM rootkits are difficult to implement because of the lock that the BIOS sets on SMM as a safety measure. There are ways to bypass this lock, but it is an entirely different case if such malware is injected by the BIOS, because in that case the malicious code is injected and executed before the lock is set. This is a very effective place to inject malware and can be used for things like logging keystrokes and/or communicating directly with the network card, bypassing the kernel to send or receive data.

Generic BIOS rootkits: Mebromi is not a generic rootkit; it targets a specific BIOS. This is because implementing BIOS code is not easy and every BIOS has a different instruction set. So although it is very difficult to do, it is very likely that we will see a more generic BIOS rootkit in the future, capable of infecting the BIOS from all four major BIOS vendors.

8. Conclusion

Advanced persistent attacks have now become a reality, and Mebromi is the greatest example of a persistent attack. By attacking the BIOS, a computer will constantly get infected, as the payload is released onto the OS every time the computer boots. The correct security measures will need to be implemented to protect the BIOS from future forms of malware such as Mebromi attacking the system BIOS. As computers and programming languages evolve, attackers are finding new ways to attack the system. This issue will only grow in the future until a new approach to protecting the BIOS has been developed. Mebromi has set the standard for BIOS malware, and the only thing left to do is to secure the BIOS environment, or wait and see whether newer forms of malware like Mebromi appear in the wild, crippling our entire computing infrastructure.

REFERENCES

[1] Bowman, M., Debray, S. K., and Peterson, L. L. 1993. Reasoning about naming systems. ACM Trans. Program. Lang. Syst. 15, 5 (Nov. 1993), 795-825. DOI= http://doi.acm.org/10.1145/161468.16147
[2] Burns, E. (n.d.). What is an MBR rootkit? Retrieved from http://www.ehow.com/facts_6949622_mbr-rootkit_.html
[3] Master, D. (2011, September 15). BIOS rootkit Trojan dropper attacks Award/Phoenix Technologies. Retrieved from http://nwlinux.com/bios-rootkit-award-phoenix-technologies/
[4] Fagerland, S. (2011, September 8). Mebromi, a BIOS-flashing Trojan [Web log message]. Retrieved from http://blogs.norman.com/2011/malware-detectionteam/mebromi-a-bios-flashing-trojan
[5] Giuliani, M. (2011, September 14). Mebromi: the first BIOS rootkit in the wild [Web log message]. Retrieved from http://blog.webroot.com/2011/09/13/mebromi-the-first-biosrootkit-in-the-wild
[6] Nash, T. (2005, September). An undirected attack against critical infrastructure. Retrieved from http://www.uscert.gov/control_systems/pdf/undirected_attack0905.pdf
[7] Tyson, J. (n.d.). How BIOS works. Retrieved from http://computer.howstuffworks.com/bios1.htm
[8] Microsoft. Understanding Anti-Malware Technologies (PDF). Retrieved 2011-10.
[9] Yuan, L. (2011, September 6). Mebromi. Retrieved from http://www.symantec.com/security_response/writeup.jsp?doc id=2011-090609-4557-99&tabid=2
