Triulzi said he’s seen plenty of firmware-targeting malware in the laboratory. A client of his once infected the UEFI-based BIOS of his Mac laptop as part of an experiment. Five years ago, Triulzi himself developed proof-of-concept malware that stealthily infected the network interface controllers that sit on a computer motherboard and provide the Ethernet jack that connects the machine to a network. His research built off of work by John Heasman that demonstrated how to plant hard-to-detect malware known as a rootkit in a computer’s peripheral component interconnect, the Intel-developed connection that attaches hardware devices to a CPU.
I wrote and demonstrated to some folks in D.C. a prototype of something like this in 2004 or 2005. Even before that lots of people knew it was possible.
You can remove all hard disks from your computer, install empty ones, and as the computer is booting up for the first time infect the new hard disk before the O/S even attempts to boot off of the CD drive. Of if you wanted you could just refuse to boot.
Imagine a stealth virus that infected some large percentage of all computers then on September 11th would only perform one function—format any storage device it had control of.