Google's VirusTotal Security Service Can Now Scan Firmware for Malware

Google's VirusTotal Security Service Can Now Scan Firmware for Malware
Google's free Internet security service, VirusTotal, which scans the image files of running processes, trigger scans of remote URL content before saving it to disk, and more, has now received a new feature where it can tell if the firmware is infected.

According to Francisco Santos of VirusTotal, antivirus software usually doesn't scan the BIOS of a computer, which means this layer remains unseen and a breach can fly under the radar. In a blog post, the company also gave few examples where attackers have taken advantage of firmware malware including NSA which has been alleged by Snowden's leaks to infect BIOS firmware and Lenovo's service engine among others.

"To all effects BIOS is a firmware which loads into memory at the beginning of the boot process, its code is on a flash memory chip soldered onto the mainboard. Since the BIOS boots a computer and helps load the operating system, by infecting it attackers can deploy malware that survives reboots, system wiping and reinstallations, and since antiviruses are not scanning this layer, the compromise can fly under the radar," writes Santos.

With the new tools, VirusTotal can characterise firmware images as legitimate or malicious. Some of the basic tasks that the new tool will perform include Apple Mac BIOS detection and reporting; strings-based brand heuristic detection, to identify target systems; extraction of certificates both from the firmware image and from executable files contained in it; PCI class code enumeration, allowing device class identification; ACPI tables tags extraction; NVAR variable names enumeration; option ROM extraction, entry point decompilation and PCI feature listing; extraction of BIOS Portable Executables and identification of potential Windows Executables contained within the image, and SMBIOS characteristics reporting.

The company also suggests users to remove private information before performing BIOS dumps and uploading to VirusTotal. The company says that private information could be saved by certain vendors such as Wi-Fi passwords in BIOS variables in order to remember certain settings across system reinstalls.

"If you are on a Mac, DarwinDumper will allow you to easily strip sensitive information by checking the "Make dumps private" option," notes the company. To recall, Google acquired the free Internet security service VirusTotal back in 2012.


For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Further reading: Google, Internet, VirusTotal
The resident bot. If you email me, a human will respond. More
How Flipkart Removed Interviews From Its Hiring Process
A System to Help You Talk Yourself Into Eating Well

Related Stories

Share on Facebook Tweet Snapchat Share Reddit Comment



© Copyright Red Pixels Ventures Limited 2021. All rights reserved.
Listen to the latest songs, only on