Malware for PCs is an established part of life. Keeping the operating system and applications up to date helps (a vulnerability that's been removed can't be exploited), as does decent security software.
And if the worst comes to the worst, there's always the possibility of completely wiping the hard drive and starting from scratch.
But a security researcher has shown that a small malware loader can be concealed in the BIOS or other firmware built into a PC.
Jonathan Brossard demonstrated this approach at the recent Black Hat conference in the US. The routine hidden in the BIOS connects to a remote server to fetch the code that does the dirty work.
Unlike conventional malware, this leaves no trace on the hard drive for later analysis as the rogue code is freshly downloaded each time.
It is possible that network monitoring tools could detect this unusual traffic, but apparently only a small amount of data needs to be transferred.
The fear is that a manufacturer or some other player in the supply chain - perhaps under pressure from its home government - might build malware like Brossard's into PCs destined for particular countries or even specific customers.
In this scenario, he points out, a TPM would provide no protection, because the malicious code is already present in the firmware when the platform configuration is measured and sealed.
In fact, the TPM would protect the malware from removal after deployment: if the BIOS or other firmware were replaced, the measurements would no longer match and the TPM would prevent boot-up.
And if that's not enough, he suggests the architecture he proposes could be used to create a botnet that "can literally not be shut down."
Mr Brossard's research paper is available here.
Talking of firmware and botnets, another researcher has released a tool that is capable of remotely replacing the firmware in a number of popular SOHO routers.
This could be used to create persistent botnets, warned researcher Michael Coppola, who was one of the presenters at the recent Defcon conference.
The problem is that most SOHO routers allow remote administration, and just about all have a mechanism for updating the firmware.
Replacing the firmware is relatively straightforward if the administration username and password have been left at their defaults.
Once an attacker has gained access to the router's web interface, it's not difficult to replace the firmware with a hacked version.
Even if a router's credentials have been changed, there are other ways of getting in, including brute-force attacks (How long is your router's password? Is it a dictionary word?) and specific exploits.
Among the payloads supported by Coppola's tool, rpef, is a botnet client capable of performing various actions on command, including denial-of-service attacks.
Once a router has been flashed with malicious firmware, it is unlikely to be detected and the malware will most likely keep running until the owner updates the firmware with a new release from the device vendor.
Since many owners don't bother to check for updates as long as their router seems to be working properly, the malware could be present for the rest of the device's life.