Users can utilize it to detect rootkit malware

Jan 27, 2016 23:52 GMT

VirusTotal, the best thing for security aficionados since sliced bread, has announced initial support for detecting and then properly analyzing firmware images.

The new feature should come in handy to users who suspect they might be infected with rootkit malware.

Rootkits are a common occurrence in new malware families

In recent years, malware targeting a computer's BIOS (Basic Input/Output System) and UEFI (Unified Extensible Firmware Interface) firmware images has grown in number, with the most famous case coming out of the Hacking Team data breach.

Cyber-criminals target UEFI and BIOS images because malicious code placed there persists between PC reboots and even PC reinstalls. Additionally, antivirus engines can't reach that deep inside a computer's system to scan for viruses in the firmware.

As you'd normally expect, this has led to an increase in the number of malware strains that come with a rootkit component, either loaded on command or included by default within the malware's body.

Either way, the number is growing, and most users find themselves with sluggish computers even after a fresh reinstall, which might lead anyone to believe that something weird is happening with their motherboard's code.

New VirusTotal firmware scanner feature is available right now

VirusTotal's new feature is available starting today, and you can extract your firmware code, optionally remove personally identifiable information (like WiFi passwords, hostnames, etc.), and then upload it to VirusTotal through the regular homepage form.

Once the results show up, just check out the "File detail" and "Additional information" tabs.

VirusTotal will automatically break down your firmware, analyze each file, and compare it to the virus databases of all the antivirus engines it supports. If something shady comes up, you'll see it in the "File detail" tab, marked with an orange or red icon.

When this happens, it may be time to wipe your BIOS/UEFI and reinstall it from scratch. For this operation, non-technical users might need to hire an IT professional.

The following tools will also help you extract your firmware image from your PC and submit it to VirusTotal for analysis:
- DarwinDumper
- CHIPSEC
- Flashrom
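A pre-upload sanity check for an extracted image, as an added example that is not code from VirusTotal or from the tools listed above. It assumes you read the flash twice with one of those tools, and it locates UEFI firmware volumes by the `_FVH` signature at offset 40 of the volume header defined in the UEFI Platform Initialization specification; the function names and the sample image are constructed for illustration.

```python
import hashlib
import struct

FVH_SIGNATURE = b"_FVH"   # EFI_FIRMWARE_VOLUME_HEADER.Signature
SIG_OFFSET = 40           # ZeroVector(16) + FileSystemGuid(16) + FvLength(8)

def find_firmware_volumes(image: bytes):
    """Return (offset, length) for each plausible UEFI firmware volume header."""
    volumes = []
    pos = image.find(FVH_SIGNATURE)
    while pos != -1:
        start = pos - SIG_OFFSET
        if start >= 0:
            # FvLength is a little-endian UINT64 at offset 32 of the header.
            (fv_length,) = struct.unpack_from("<Q", image, start + 32)
            # Reject stray "_FVH" bytes: a real volume fits inside the image.
            if 0 < fv_length <= len(image) - start:
                volumes.append((start, fv_length))
        pos = image.find(FVH_SIGNATURE, pos + 1)
    return volumes

def check_dump(first_read: bytes, second_read: bytes):
    """Summarise a dump before upload; raise if it looks unreliable."""
    if first_read != second_read:
        raise ValueError("reads differ: dump is unreliable, re-read the flash")
    if len(set(first_read)) <= 1:
        raise ValueError("dump is empty or one repeated byte (e.g. all 0xFF)")
    return {
        "size": len(first_read),
        "sha256": hashlib.sha256(first_read).hexdigest(),
        "volumes": find_firmware_volumes(first_read),
    }

def make_sample_image():
    """Constructed sample: 0xFF padding around one 0x1000-byte volume at 0x100."""
    header = bytes(16) + bytes(16) + struct.pack("<Q", 0x1000) + FVH_SIGNATURE
    volume = header.ljust(0x1000, b"\x00")
    return b"\xff" * 0x100 + volume + b"\xff" * 0x200

if __name__ == "__main__":
    sample = make_sample_image()
    print(check_dump(sample, sample))
```

The SHA-256 it reports identifies the exact file you submit, and a dump with no firmware volumes at all is worth re-reading before you upload it.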

Here's a naughty firmware sample to play with.

Sample VirusTotal firmware scan