Formatting your hard drive and starting all over is an effective – albeit drastic – way to get rid of most types of malware, but here’s one that’s so insidious that even that “scorched earth” solution won’t work. We’re talking about BIOS-based malware: malicious code that takes advantage of vulnerabilities in the Open UEFI framework and persists across platforms even after a complete wipe.
Corey Kallenberg and Xeno Kovah demonstrated this scary attack, which can be carried out remotely, at DEF CON 22. Donovan Colbert was there to see it; find out more in the writeup on his blog:
http://donovancolbert.blogspot.com/2014/08/extreme-privilege-escalation-on-windows.html