
Sydde

macrumors 68030
Original poster
Aug 17, 2009
2,563
7,061
IOKWARDI
From over at arstechnica, the "BadBios" virus allegedly gets into the firmware (BIOS or UEFI) and fights all attacks on it. Allegedly, from its deep seated position, it is able to prevent booting from the optical drive in order to restore the system.

The story claims that the virus was found in MacBook Airs and communicated with other infected machines in order to maintain its resistance to countermeasures: when no other avenue of communication was available (wireless was disabled), the computers seemed to be communicating with ultrasonic signals through speakers and mics.

This all seems to me to be rather questionable; the story seems riddled with logical and pedantic flaws. Should this be taken seriously?
 

djtech42

macrumors 65816
Jun 23, 2012
1,451
64
Mason, OH
Virus prevents booting from optical drive on a computer that doesn't have an optical drive? Sounds legit.

You just restore from the restore partition anyways. Ultrasonic signals? Really?

Here are some comments on it:

I don't know, sound card drivers are pretty complex, I really can't imagine BIOS malware that can support many audio cards, and sound transmission is very low bandwidth and highly error prone...
I still think it's a hoax...

"It's also possible to use high-frequency sounds broadcast over speakers to send network packets." Highly doubtful, as a standard audio speaker, especially a 50 cent PC speaker, has a frequency roll-off around 10-15 kHz. At and above these frequencies the dB level drops like a rock, so these things are not sending (human) inaudible high frequencies that a 50 cent PC mic could pick up. To send at a dB level high enough for a cheap PC mic to pick up, it would be in the audible frequency range and one would hear it. More likely some source has been infected (CD, USB, etc.). What MIT might do with ultrasonic and highly specialized transducers is not the same thing as what a 50 cent consumer PC speaker and 1/4 watt PC amplifier can do. Period. A $10 mic, a PC sound card and shareware audio analyzer software is all that is needed to prove this one way or another.

From what I read so far I have to assume it is a hoax. In particular, I don't like how he simply states that he has seen data transmission without explaining how he has seen that. Does the OS report a network device in spite of him removing all network devices? If so, what kind of network device is shown? If not, how would he see that data is exchanged? Simply saying that "I removed all network devices and it still transmits data" is lacking too many technical details. We also need an independent review (somebody who is able to reproduce the problems).
Here are the key points as I see them:
* Ultrasound communication:
Seems to be theoretically possible but probably extremely low bandwidth; could be done in audible sound hidden as noise. Nobody claims the infection happens through sound, only that infected machines can communicate. It is unclear how he saw data being exchanged. Wouldn't he need to see some network device? And if so, what kind of network device was shown? Or how else does he know data was exchanged? What is the observed bandwidth?
* BIOS reflashed
The BIOS will check hardware extensions (e.g. PCI cards) for additional drivers to load. So it's possible the malware hides in other places and still gets loaded on system start-up.
* Drivers for diverse hardware
The malware could download custom modules for a specific infected machine. So while the module installed in the BIOS (or some BIOS extension) might not have enough space to hold a multitude of different soundcard drivers, it is possible that the malware downloads a specific module for the given infected system.
* 404 from infected machines on web sites discussing reflashing of flash disk controllers
If this is indeed the case, it should be possible to compare the exact request sent by the infected machine and compare it to a similar but clean machine to see the differences to find out how the server could identify infected machines (would be extremely useful). Or is it the infected OS that intercepts access to these sites? And if so, how does it identify hosts to censor?
 
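The two technical questions raised above (is a near-ultrasonic acoustic link between a commodity speaker and mic plausible, and what bandwidth could it carry?) can be explored with a small simulation. The following is an added example written for this page; it is not code from the thread, from the Ars Technica article, or from any actual BadBIOS sample. It assumes a 44.1 kHz sound card, binary FSK with tones at 18 kHz and 19 kHz, 100 symbols per second, and a crude channel model (flat attenuation plus white Gaussian noise) that is an assumption standing in for the real speaker/mic roll-off the commenter describes. Symbol timing is taken as known, which a real modem would have to recover from a preamble.

```python
import math
import random

# All parameters below are assumptions for the simulation, not measured values.
FS = 44100          # sound card sample rate, Hz
BAUD = 100          # symbols (bits) per second
N = FS // BAUD      # 441 samples per bit
F_MARK = 19000      # tone for a 1 bit, Hz (exactly 190 cycles per symbol)
F_SPACE = 18000     # tone for a 0 bit, Hz (exactly 180 cycles per symbol)


def bytes_to_bits(data):
    """MSB-first bit list of a byte string."""
    return [(b >> (7 - i)) & 1 for b in data for i in range(8)]


def bits_to_bytes(bits):
    """Inverse of bytes_to_bits; trailing partial byte is dropped."""
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        v = 0
        for bit in bits[i:i + 8]:
            v = (v << 1) | bit
        out.append(v)
    return bytes(out)


def modulate(data):
    """Binary FSK: one sine burst of N samples per bit, unit amplitude."""
    samples = []
    for bit in bytes_to_bits(data):
        f = F_MARK if bit else F_SPACE
        samples.extend(math.sin(2 * math.pi * f * n / FS) for n in range(N))
    return samples


def channel(samples, gain_db, noise_sigma, seed=1):
    """Toy acoustic channel (assumption): flat gain in dB plus white Gaussian noise."""
    rng = random.Random(seed)
    g = 10 ** (gain_db / 20)
    return [g * x + rng.gauss(0, noise_sigma) for x in samples]


def goertzel_power(block, freq):
    """Energy of `block` at a single frequency (Goertzel algorithm)."""
    coeff = 2 * math.cos(2 * math.pi * freq / FS)
    s1 = s2 = 0.0
    for x in block:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def demodulate(samples):
    """Non-coherent detection: per symbol, pick the tone with more energy."""
    bits = []
    for i in range(0, len(samples) - N + 1, N):
        block = samples[i:i + N]
        mark = goertzel_power(block, F_MARK)
        space = goertzel_power(block, F_SPACE)
        bits.append(1 if mark > space else 0)
    return bits_to_bytes(bits)


def bit_error_rate(data, gain_db, noise_sigma, seed=1):
    """Fraction of bits flipped after a round trip through the toy channel."""
    sent = bytes_to_bits(data)
    received = bytes_to_bits(demodulate(channel(modulate(data), gain_db, noise_sigma, seed)))
    errors = sum(a != b for a, b in zip(sent, received))
    return errors / len(sent)


def throughput_bytes_per_second():
    """Raw payload rate of this modem before any framing or error correction."""
    return BAUD / 8


if __name__ == "__main__":
    msg = b"BadBIOS?"   # constructed sample payload
    for gain_db in (0, -20, -40, -60):
        print(f"gain {gain_db:4d} dB  BER {bit_error_rate(msg, gain_db, 0.05):.3f}")
    print(f"raw throughput: {throughput_bytes_per_second()} bytes/s")
```

Two things the numbers show. First, the bandwidth objection holds: at 100 baud the link moves 12.5 bytes per second before framing and error correction, which is enough for a beacon or a short command but not for shipping code around. Second, the roll-off objection is a matter of degree: Goertzel detection over 441 samples integrates the tone, so a 20 dB loss at 18-19 kHz still decodes cleanly in this model, while a 60 dB loss reduces the decision to a coin flip. Whether a given laptop's speaker and mic lose 20 dB or 60 dB at those frequencies is exactly the measurement the commenter proposes, and the simulation does not answer it.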

roadbloc

macrumors G3
Aug 24, 2009
8,784
215
UK
[image: History Channel "alien guy" meme]

The only possible explanation.
 

Sydde

macrumors 68030
Original poster
Aug 17, 2009
2,563
7,061
IOKWARDI
how about via USB thumb drives?

Well, 13" Airs have an SDXC slot, I imagine you could format an SD card and boot from that just as easily as from a thumb drive. But the story makes no mention of alternative booting except from a "CD", which sounds to me like unforgivably lazy use of language.
 