The mystery surrounding the Nyxem worm is starting to rattle the system. F-Secure was again first on the scene with a warning on January 20th that the growth and destructive payload of the worm were alarming. A week later all of the other large anti-malware firms are reporting the same thing, and security folks all seem to be looking at each other and wondering what the significance of February 3rd is (the day it activates and deletes all your data: docs, spreadsheets, and databases), and whether this is the level of sophistication we should expect from attacks going forward. The shift from quantity to “quality” of malware is happening right now. Who’s to blame?
Incidentally, just as we’re starting to get comfortable with using software to control the computer BIOS (very handy in the enterprise), someone points out that the controls needed to prevent BIOS attacks are lacking:
The firmware on most modern motherboards has tables associating commands in the ACPI Machine Language (AML) to hardware commands. New functionality can be programmed in a higher-level ACPI Source Language (ASL) and compiled into machine language and then flashed into the tables.
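The ACPI tables described above share a fixed 36-byte header, so a host can at least record what its firmware exposes and notice when a table changes. This is an added example, not code from the original post; the function names and the sample table are constructed for illustration, and the header layout follows the ACPI specification.

```python
import hashlib
import struct

# Standard ACPI table header: 36 bytes, little-endian, checksum at offset 9.
HEADER = struct.Struct("<4sIBB6s8sI4sI")


def build_sample_table(signature: bytes, body: bytes) -> bytes:
    """Constructed sample table (not a real firmware dump) with a valid checksum."""
    raw = bytearray(HEADER.pack(signature, HEADER.size + len(body), 2, 0,
                                b"SAMPLE", b"CONSTRCT", 1, b"TEST", 1) + body)
    raw[9] = (-sum(raw)) & 0xFF  # all bytes of a valid table sum to 0 mod 256
    return bytes(raw)


def inspect_table(raw: bytes) -> dict:
    """Parse the header, validate length and checksum, hash the full table."""
    if len(raw) < HEADER.size:
        raise ValueError("shorter than an ACPI table header")
    sig, length, _rev, _csum, oem_id, *_ = HEADER.unpack_from(raw)
    if not HEADER.size <= length <= len(raw):
        raise ValueError("length field inconsistent with the data")
    table = raw[:length]
    return {
        "signature": sig.decode("ascii", "replace"),
        "oem_id": oem_id.decode("ascii", "replace").strip(),
        "length": length,
        "checksum_ok": sum(table) % 256 == 0,
        "sha256": hashlib.sha256(table).hexdigest(),
    }


def compare_to_baseline(raw: bytes, baseline_sha256: str) -> str:
    """Return 'corrupt', 'changed' or 'match' against a recorded known-good hash."""
    info = inspect_table(raw)
    if not info["checksum_ok"]:
        return "corrupt"
    # A rewritten table can carry a recomputed checksum, so only the hash counts.
    return "match" if info["sha256"] == baseline_sha256 else "changed"


if __name__ == "__main__":
    good = build_sample_table(b"DSDT", b"\x00" * 8)  # placeholder bytes, not real AML
    baseline = inspect_table(good)["sha256"]
    altered = build_sample_table(b"DSDT", b"\x00" * 7 + b"\x01")
    print(compare_to_baseline(good, baseline), compare_to_baseline(altered, baseline))
```

On Linux the live tables can be read as root from `/sys/firmware/acpi/tables/` and passed to `inspect_table`; the baseline hash has to be recorded while the firmware is known to be good.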