Somewhere in a Russian computer lab lurks a computer virus so deadly, so indestructible that it can spread even when machines are disconnected from Wi-Fi – or power cables.
A researcher and his team have battled the infection for three years – and seen it infect Macs and PCs, and return even after machines have been wiped.
Dragos Ruiu calls it “BadBIOS”, and claims that it is “the tip of the warhead” – a new type of cyberweapon, which he believes spreads by sound.
It can infect PCs or Macs with equal ease.
British tech site The Register is a little more sceptical, describing it as the Loch Ness Monster of computer viruses.
“This ‘virus’ is pure rumour and conjecture currently. No actual sample has been identified,” says Orla Cox of Symantec. “As a result Symantec is not in a position to comment right now.”
Its most terrifying power, according to Ruiu, is the ability to hurdle “air gaps” – a last-ditch security measure where PCs are disconnected from any system that might lead to the internet.
Ruiu’s machines – even ones he had “cleaned” – acted as if they were connected to the internet, he says.
“How can the machine react and attack the software that we’re using to attack it? This is an air-gapped machine and all of a sudden the search function stopped working,” he said, in an interview with Ars Technica.
Ruiu admits that BadBIOS sounds like “the stuff of urban legend” – but says he will reveal more in two weeks’ time.
On Twitter, he and fellow security researchers are analysing sounds from the lab, to see if the infected machines are somehow sending signals. He also supplied other researchers with forensic data – but has met with raised eyebrows.
“I am getting increasingly skeptical due to the lack of evidence,” researcher Arrigo Triulzi told Ars Technica, which ran the original piece.
Research from the University of Birmingham at Alabama proved earlier this year that even low-powered PC speakers could send “messages” – short signals which could be used as a trigger in a cyber attack.
Whether this is enough to explain Ruiu’s three-year nightmare remains to be seen.
Ruiu says that his infection may be a warning – “the first stages of a larger attack.”
Sites such as Techworld speculate it could be something that accidentally escaped from a lab – or perhaps even part of a cyberweapon designed by a nation state. Ruiu recently discovered that it could spread via infected USB memory sticks – a hint that it’s designed to attack industrial systems with isolated computers.