Their is currently no way to put a virus inside a mp3 file. The way the file is read by players is like a data file , it never is used in a manner that makes it executable. Picture files on the other hand can contain malicious code because some of the formats contain information that actually executes inside the image viewing application. The safest image formats are bitmap formats because they are pure color data.
New motherboards and lots of devices like phones have moved away from the older format of flashing media which was done using a parallel interface to the flash chips. That required a lot of data lines and dedication by the cpu in processing the signals timing and code so the flash wouldn't be corrupted. The cpu had to handle the whole process making it harder for someone to attack the bios.
In come the new flash , serial flash. What once was a 32 pin chip with 16 data lines and clock, write enable, read enable, and other wires has become a 3 wire interface. Clock, Data, Mode.
It is now possible to flash the bios inside windows, linux, dos, or anything else without what the cpu is processing even knowing it has been done. The bios is only used until the host OS loads, then that OS takes over. Someone can change the bios and nobody is the wiser till a reboot when the bios is loaded again. How can you stop it ? It varies with the board.
The bios is just code running on the cpu at boot . The southbridge chip handles the new serial interfaces so any protection would have to be within the southbridge chip.
Some serial memory has a WE or write enable pin that has to have 3.3volt applied to write to it, motherboard makers could put a jumper on the board to disable that pin and nobody could flash the bios.