When you’re looking for viruses on your computer, the typical scanner pores over your hard drive for malicious files, programs or bits of code, examining each item to make sure there’s nothing out of the ordinary. But what about malware that’s hidden outside of your hard drive, in the very code that tells your computer how to boot?
VirusTotal, a malware-hunting subsidiary of Google, announced in a blog post it has a new tool that scans your computer’s BIOS and UEFI firmware for malicious content. Your BIOS or UEFI are the links between your hardware and your software, and that firmware tells your computer how to boot. If there is malware present in that area of your computer, even replacing your hard drive won’t remove it — it exists in a chip on your motherboard.
This malware can repeatedly install software onto your computer before the operating system loads.
According to the blog post, the effort to focus on scanning firmware is in response to recent reports of certain kinds of malware targeting the BIOS and UEFI of certain machines — specifically incidents regarding Lenovo and Hacking Team.
If VirusTotal’s new tool works, PC owners should have a little less to worry about, though you need a web connection to use it. The tool allows researchers to upload firmware images, which the tool examines by extracting executable code where malware might be present. The process then tells users whether there is malware present or not.