A BIOS rootkit is programming that exists in a system's memory hardware to enable remote administration. Rootkits may be installed for legitimate purposes, such as digital rights management (DRM) or data or device security but they may also be targets for persistent attacks.
The BIOS (basic input/output system) is firmware that resides in memory -- rather than on the hard disk drive -- and runs while a computer boots up. Because a BIOS rootkit lives in memory, it persists not only through attempts to reflash (update) the BIOS but also through hard drive erasure or replacement. Originally, the BIOS firmware was not writeable. However, most manufacturers now use an erasable format, such as flash memory. The use of an erasable format makes BIOS updates easier but also leaves the BIOS vulnerable to online attack. A BIOS rootkit attack is an exploit in which legitimate BIOS programming is updated with malicious code.