Malware Powering On Computers

TL;DR

While malware can’t directly *power on* a completely off computer in the traditional sense, it can wake computers from sleep or hibernation modes and exploit vulnerabilities to gain control during startup. Modern systems have security features to prevent this, but older systems or those with misconfigured BIOS settings are at risk.

Can Malware Power On A Computer?

1. Understanding the States: Off vs. Sleep/Hibernation

• Off: The computer has no power to its main components. Malware cannot directly initiate power-on from this state.
• Sleep: A low-power state where the computer can quickly resume operation. Malware can wake a computer from sleep.
• Hibernation: Saves the current system state to disk and powers off. Malware can potentially restore from hibernation, but this is less common than waking from sleep.

How Malware Wakes Computers From Sleep/Hibernation

• Wake-on-LAN (WoL): A networking feature that allows a computer to be woken up by a network signal. Malware can send WoL packets if the system is configured to allow it. To check on Windows:

  powercfg /a

  This will list wake sources.

• USB Devices: Some USB devices (like mice or keyboards) can be configured to wake a computer. Malware exploiting these devices is rare but possible.
• Scheduled Tasks: Malware can create scheduled tasks that trigger the computer to wake up at specific times. Check in Task Scheduler on Windows.

Exploiting Startup Processes (After Wake-Up)

• Bootkits/Rootkits: These types of malware infect the Master Boot Record (MBR) or boot sector, allowing them to run before the operating system loads. They can gain control early in the startup process.

  Detecting these requires specialized tools like anti-rootkit scanners.

• Autorun/Autostart: Malware adds itself to autorun lists (for removable media) or autostart locations within the operating system, ensuring it runs when the computer starts.

Preventing Malware From Powering On/Waking Computers

1. Disable Wake-on-LAN: If you don’t need WoL, disable it in your BIOS and network adapter settings.
   • BIOS Settings: Access your BIOS (usually by pressing Del, F2, or another key during startup) and look for WoL options.
   • Network Adapter Settings: In Windows Device Manager, find your network adapter properties and disable “Allow this device to wake the computer”.
2. Disable USB Wake-Up: In BIOS settings, disable the ability for USB devices to wake the computer.
3. Secure Boot: Enable Secure Boot in your BIOS. This helps prevent unauthorized code (like bootkits) from running during startup.

   Note: Secure Boot requires UEFI firmware and may affect compatibility with older operating systems.

4. Keep Your System Updated: Regularly update your operating system, antivirus software, and other security tools to patch vulnerabilities.
5. Strong Passwords & Account Control: Use strong passwords for all accounts and enable User Account Control (UAC) to prevent unauthorized changes.

   On Windows, UAC settings are found in the Control Panel.

6. BIOS Password: Set a BIOS password to prevent unauthorized access to your system’s firmware settings.

Can Malware Power On A Completely Off Computer (Rare Cases)

• Compromised Firmware: In extremely rare cases, sophisticated malware could target the motherboard’s firmware directly, potentially allowing it to control power-on functions. This is a very advanced attack and requires significant expertise.

  This is not typical malware behavior.