At last I understood all the phases during the boot of the PC (BIOSInitialization → OSLoader → PreSMSS → etc.)
Now my question is “In which phase is malware written to a USB pendrive that I set in the BIOS (Boot from … USB pendrive)?”
I understand that there can also be malware that infects the BIOS.
But can trojans and “standard” viruses (let’s call them that in this simplistic way) be written to a USB when I boot the system using that USB pendrive?
In a few words, am I at risk if I use some sort of “Hiren’s Boot USB” on an infected machine (booting from the USB)? Or, due to the fact that in this case no file on the C:\ drive is read in the OSLoader phase (am I right?) and the boot is from the USB, is it as safe as booting from a normal CD?
Infection occurs as early as the MainPathBoot Phase, but these are usually rare viruses posing as required Windows services or, rarer still, piggyback viruses. However, common infections happen during the explorerinit subphase and after, mostly involving autorun viruses.
No. Infection by Windows viruses occurs only during Windows boot-up. Even rootkits that infect the BIOS can only flash themselves during Windows boot-up and need to be running as admin/root.
BIOS malware is rare since it was written primarily to target a specific audience or hardware. Motives are usually to render a system unusable or take full control, but rarely to spread (if one even exists for such a purpose). Even then, it still needs to run first.