"Since the BIOS boots a computer and helps load the operating system, by infecting it attackers can deploy malware that survives reboots, system wiping and reinstallations, and since antiviruses are not scanning this layer, the compromise can fly under the radar," Santos writes. "As of today VirusTotal is characterizing in detail firmware images, legit or malicious."
Researchers can upload malware to VirusTotal to see which antivirus products detect malicious code. On top of labeling firmware images, the new tool can extract certificates from the firmware and its executable files, and it can extract the portable executables (PEs) inside the image. PEs are a high-profile source of malicious software, Santos says.
"What's probably most interesting is the extraction of the UEFI Portable Executables that make up the image, since it is precisely executable code that could potentially be a source of badness," Santos writes. "These executables are extracted and submitted individually to VirusTotal, such that the user can eventually see a report for each one of them and perhaps get a notion of whether there is something fishy in their BIOS image."
The "next interesting step" for VirusTotal's firmware tool is the ability to dump your own BIOS firmware into its scanning service, Santos says.
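As an added illustration of the PE extraction described above (not VirusTotal's code), the sketch below carves uncompressed PE32/PE32+ files whose subsystem field marks them as EFI out of a firmware blob and hashes each one so it can be looked up individually. The function names and the sample builder are hypothetical, and it assumes the modules are stored uncompressed; real images often keep them in compressed firmware-volume sections or in TE format, which need a dedicated UEFI parser.

```python
import hashlib
import struct
EFI_SUBSYSTEMS = {10: "application", 11: "boot service driver", 12: "runtime driver", 13: "ROM"}

def parse_pe(image, base):
    """Return (size, subsystem) if a well-formed PE starts at base, else None."""
    try:
        (e_lfanew,) = struct.unpack_from("<I", image, base + 0x3C)
        pe = base + e_lfanew
        if image[pe:pe + 4] != b"PE\0\0":
            return None
        nsect, = struct.unpack_from("<H", image, pe + 6)
        opt_size, = struct.unpack_from("<H", image, pe + 20)
        opt = pe + 24
        magic, = struct.unpack_from("<H", image, opt)
        if magic not in (0x10B, 0x20B):          # PE32 / PE32+
            return None
        size, = struct.unpack_from("<I", image, opt + 60)       # SizeOfHeaders
        subsystem, = struct.unpack_from("<H", image, opt + 68)
        for i in range(nsect):                   # file size = end of last raw section
            raw_size, raw_ptr = struct.unpack_from("<II", image, opt + opt_size + 40 * i + 16)
            size = max(size, raw_ptr + raw_size)
    except struct.error:                         # header runs past the end of the blob
        return None
    if size <= e_lfanew or base + size > len(image):
        return None
    return size, subsystem

def carve_efi_pes(image):
    """List (offset, size, subsystem name, sha256) for each EFI PE found in image."""
    found, pos = [], image.find(b"MZ")
    while pos != -1:
        hit = parse_pe(image, pos)
        if hit and hit[1] in EFI_SUBSYSTEMS:
            digest = hashlib.sha256(image[pos:pos + hit[0]]).hexdigest()
            found.append((pos, hit[0], EFI_SUBSYSTEMS[hit[1]], digest))
        pos = image.find(b"MZ", pos + (hit[0] if hit else 1))
    return found

def build_sample_pe(subsystem, body=b"\x90" * 32):
    """Constructed minimal PE32+ (one section) used only as demo input."""
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<IIH", opt, 60, 0x200, 0, subsystem)   # SizeOfHeaders, CheckSum, Subsystem
    hdr = (b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40) + b"PE\0\0"
           + struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, len(opt), 0x22) + bytes(opt)
           + struct.pack("<8sIIII16x", b".text", len(body), 0x1000, len(body), 0x200))
    return hdr.ljust(0x200, b"\0") + body
```

Calling `carve_efi_pes()` on a dump returns one tuple per carved module; the SHA-256 in each tuple is the value to search for or compare against a vendor's reference image.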