Google’s VirusTotal now also scans for malicious code in firmware and BIOS files

Google’s online multi-engine virusscanner Virustotal is now able to scan firmware and BIOS files for malicious code. Firmware is often the first piece of code loaded on a system and resides in a flash memory soldered to the mainboard. By infecting firmware an attacker can add malicious code that remains on the computer even after a clean install.


After revelations of whistleblower Edward Snowden it became publically known that some secret services infect firmware with malicious code. “That’s why the security industry should put some focus on this strain of badness”, Francisco Santos from Virus Total writes in a blog announcing the new feature.

The firmware scanning tool will uses several methods to determine whether a firmware is safe. It also lists a whole lot of information on the firmware so users can compare it with other firmwares of the same vendor.

VirusTotal is a multi-engine scanner and uses 61 different engines of 55 antivirus developers. The online tool scans between 1.5 and 2 million files a day of which the majority are .EXE files.