Does updating BIOS remove infection
Even if the hard drive was completely overwritten and re-installed, the BIOS malware could simply re-infect it again.
Early BIOS versions were stored in read-only memory and could not be altered by a user (or an attacker).
In March at the CanSecWest security conference, held in Vancouver, researchers Alfredo Ortega and Anibal Sacco of Core Security Technologies Inc. demonstrated a generic BIOS attack that can inject malicious code into many different BIOS types.
BIOS code is stored compressed so that it takes up less space, and code must be decompressed before it runs.
The decompression routine is exactly the same in many different motherboards.
For enterprises that perform remote BIOS updates, configuring physical BIOS write-protection would be a big step backwards in terms of maintenance efficiency (although the effort involved in cleaning up after a BIOS infection might be greater).
Until now, common wisdom has been that the large variety of BIOS implementations means it is unfeasible for attackers to create portable, widespread BIOS malware.
According to Core's CTO, Ivan Arce, the researchers identified a specific section of BIOS code -- a decompression routine -- used in the majority of motherboards.
The BIOS's instructions tell the computer how to perform the POST (power-on self-test) and allow rudimentary management of certain hardware components.
The most popular method used to reflash the BIOS used to be a floppy disk.
However, Chernobyl's effect on BIOSes was limited, since it could only affect a specific chipset, and the payload was unsophisticated.
Nowadays, modern BIOS attacks have the potential to be extremely stealthy and portable.