Google | Jul 1, 2016 | Master3395
Google is adding a new malware-detection capability to its online scanning service VirusTotal. It will scan BIOS firmware images and identify the legitimate programs embedded in them. VirusTotal will also use machine learning to learn from program behavior and so flag malware.
The latest National Security Agency revelations by Snowden include details of projects aimed at infecting BIOS firmware. Apart from the NSA, there are further examples of attempts to implant malware in computer firmware.
Until now, the antivirus industry has offered nothing to detect malware in the BIOS. The BIOS is loaded into memory at the beginning of the boot process; its code resides on a memory chip soldered onto the mainboard. This makes the BIOS one of the most attractive targets for malware, because its code runs before the operating system starts.
Malware residing in firmware is therefore almost impregnable and very hard to detect: it survives reboots, disk wipes and reinstallation of the operating system. Firmware malware has largely been ignored by the antivirus industry, but Google’s VirusTotal may well change this.
VirusTotal will classify a BIOS image as either legitimate or malicious. It can scan firmware from all platforms, including Windows PCs and Apple Macs, to extract relevant information about the code held in the flash chip. It uses machine-learning-based heuristic detection to identify suspect code, and looks up the legitimate executable applications built into the BIOS.
BIOS manufacturers sometimes embed legitimate programs, such as computer-tracing agents that help the owner locate the machine if it is lost. VirusTotal will extract these executable files and submit them to the service, and will also let a user inspect the details of the legitimate executables.
— VirusTotal Blog
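The extract-and-look-up step described above (carving the executables a vendor built into the firmware and checking them against known legitimate programs), shown as an added example that is not VirusTotal's or Google's code. It scans a firmware image for PE executables by validating the DOS and PE headers, computes the on-disk size from the section table, hashes each carved file and compares the hash with an allowlist. The firmware blob, the embedded executables, the `KNOWN_MACHINES` set and the `KNOWN_GOOD` allowlist are all constructed here for illustration; function names are the example's own.

```python
"""Carve embedded PE executables from a firmware image and triage them by hash."""
import hashlib
import struct

DOS_HEADER_LEN = 64
COFF_HEADER_LEN = 20
SECTION_HEADER_LEN = 40
PE_SIGNATURE = b"PE\x00\x00"
# Assumption: only these COFF machine types count as a plausible executable.
KNOWN_MACHINES = {0x014C, 0x8664, 0xAA64}   # i386, x64, ARM64


def build_minimal_pe(section_bytes: bytes) -> bytes:
    """Construct a syntactically valid PE32+ with one section (test data, not a real binary)."""
    size_of_opt, size_of_headers = 240, 0x200        # PE32+ optional header is 240 bytes
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", DOS_HEADER_LEN)   # e_lfanew -> 64
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, size_of_opt, 0x22)
    opt = bytearray(size_of_opt)
    struct.pack_into("<H", opt, 0, 0x20B)            # PE32+ magic
    struct.pack_into("<I", opt, 60, size_of_headers)  # SizeOfHeaders
    section = struct.pack("<8sIIII", b".text", len(section_bytes), 0x1000,
                          len(section_bytes), size_of_headers) + b"\x00" * 16
    headers = dos + PE_SIGNATURE + coff + bytes(opt) + section
    return headers + b"\x00" * (size_of_headers - len(headers)) + section_bytes


def pe_size_at(image: bytes, base: int):
    """Validate the PE header at `base`; return the file's on-disk size or None."""
    if base + DOS_HEADER_LEN > len(image):
        return None
    (e_lfanew,) = struct.unpack_from("<I", image, base + 60)
    pe = base + e_lfanew
    if e_lfanew < DOS_HEADER_LEN or pe + 4 + COFF_HEADER_LEN > len(image):
        return None
    if image[pe:pe + 4] != PE_SIGNATURE:
        return None
    machine, nsections, _, _, _, size_of_opt, _ = struct.unpack_from("<HHIIIHH", image, pe + 4)
    if machine not in KNOWN_MACHINES:
        return None                                   # most likely a stray "MZ" pair
    opt = pe + 4 + COFF_HEADER_LEN
    if size_of_opt < 64 or opt + size_of_opt > len(image):
        return None
    (size_of_headers,) = struct.unpack_from("<I", image, opt + 60)
    end, sec = size_of_headers, opt + size_of_opt
    for _ in range(nsections):                        # file ends after the last raw section
        if sec + SECTION_HEADER_LEN > len(image):
            return None
        _, _, _, raw_size, raw_ptr = struct.unpack_from("<8sIIII", image, sec)
        end = max(end, raw_ptr + raw_size)
        sec += SECTION_HEADER_LEN
    return end if 0 < end <= len(image) - base else None


def carve_pe_files(image: bytes):
    """Return (offset, size) for every well-formed PE found by scanning for 'MZ'."""
    found, pos = [], image.find(b"MZ")
    while pos != -1:
        size = pe_size_at(image, pos)
        if size:
            found.append((pos, size))
            pos = image.find(b"MZ", pos + size)       # skip the body of the carved file
        else:
            pos = image.find(b"MZ", pos + 1)
    return found


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def triage_firmware(image: bytes, known_good: dict):
    """Carve each executable and label it by hash lookup against the allowlist."""
    report = []
    for offset, size in carve_pe_files(image):
        digest = sha256(image[offset:offset + size])
        verdict = ("known-good: " + known_good[digest] if digest in known_good
                   else "unknown: submit for analysis")
        report.append({"offset": offset, "size": size, "sha256": digest, "verdict": verdict})
    return report


# Constructed firmware image: filler, a stray "MZ" that is not a PE header,
# a stand-in for a vendor tracing agent, and a stand-in for an unexpected module.
VENDOR_AGENT = build_minimal_pe(b"\x90" * 256)
UNKNOWN_MODULE = build_minimal_pe(b"\xCC" * 128)
DECOY = b"MZ" + b"\x00" * 62
FIRMWARE_IMAGE = (b"\xFF" * 1024 + DECOY + b"\xFF" * 100 + VENDOR_AGENT
                  + b"\x00" * 512 + UNKNOWN_MODULE + b"\xFF" * 256)
# Constructed allowlist: in practice this would hold hashes of vendor-published modules.
KNOWN_GOOD = {sha256(VENDOR_AGENT): "vendor tracing agent"}

if __name__ == "__main__":
    for entry in triage_firmware(FIRMWARE_IMAGE, KNOWN_GOOD):
        print(f"offset={entry['offset']:#x} size={entry['size']} "
              f"sha256={entry['sha256'][:16]}... {entry['verdict']}")
```

Validating the header chain (`MZ`, `e_lfanew`, `PE\0\0`, a plausible machine type, a consistent section table) is what keeps a byte-level scan from reporting every stray `MZ` pair in a multi-megabyte image as an executable; the hash lookup then separates modules the vendor is known to ship from anything that warrants a closer look.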