Slashdot Mirror


Boot Record Rootkit Threatens Vista, XP, NT

Paul sends us word on a new exploit seen in the wild that attacks Windows systems completely outside of the control of the OS. "Unfortunately, all the Windows NT family (including Vista) still have the same security flaw — MBR [Master Boot Record] can be modified from usermode. Nevertheless, MS blocked write-access to disk sectors from userland code on VISTA after the pagefile attack, however, the first sectors of disk are still unprotected... At the end of 2007 a stealth MBR rootkit was discovered by MR Team members (thanks to Tammy & MJ) and it looks like this way of affecting NT systems could be more common in the near future if MBR stays unprotected."

21 of 261 comments

  1. Messed up by Anonymous Coward · · Score: 5, Funny

    Unfortunately, all the Windows NT family (including Vista) still have the same flaw -- incest. NT and ME were siblings who married to produce XP. It doesn't help any that NT's father, 95, produced NT via a union with his daughter, 98. XP then killed NT and had a child with ME. He later gouged his GUI out. The end result of all this is Vista. And you guys wonder why Vista has security issues? Poor guy must have complex on top of complex, not to mention more than a few birth defects.
    1. Re:Messed up by o'reor · · Score: 3, Funny

      It doesn't help any that NT's father, 95, produced NT via a union with his daughter, 98.
      Gross. Well actually, NT (going back to 3.xx) was not the daughter of W95xW98, but rather the (already) bastard child of Win3.11 who raped his mother VMS during the First War of the OS (ugly, ugly -- you don't really want to know).

      Therefore NT3.5 is W95's stepsister -- given that W95 is the legitimate heir of Win3.11. It turned out then that W95, who was a real pervert due to its dominant 16-bit gene, chkdsked his stepsister NT3.51 (they don't use words like "fscked" in that family, they have their own lingo), who begat NT4.0. Then NT4.0 and his aunt W98 both got drunk one night, and soon they gave birth to Win2K. Somehow at that point in the family tree, the 16-bit gene got culled out. But the inbreeding continues...

      --
      In Soviet Russia, our new overlords are belong to all your base.
    2. Re:Messed up by smchris · · Score: 2, Funny

      Actually, the Ur-mother of the 32-bit desktop was probably OS2. Virtually unknown today and only spoken of among a small cult who cherish the old ways. There are rumors Microsoft itself indulged in the rites of OS2 before a conversion experience.

  2. Re:Like it matters by Nimey · · Score: 5, Funny

    The slashot discussion system is a joke run by arrogant, biased, opinion nazis

    Tutorial:

    1) That's "Slashdot". -1 for capitalization, -5 for spelling.
    2) Nazi is capitalized.
    3) Your sig is an automatic Godwin. Might want to fix that.
    4) You didn't end your sentence with punctuation. This one calls for a period.
    5) Arrogant? You bet!
    --
    Hail Eris, full of mischief...

    E pluribus sanguinem
  3. Re:Like it matters by Nimey · · Score: 4, Funny

    I see that you are not an adherent of the True Church of the Flying Spaghetti Monster. The FSM has *everything* to do with Windows; we don't call it spaghetti code for nothing!

    --
    Hail Eris, full of mischief...

    E pluribus sanguinem
  4. Re:Like it matters by cgenman · · Score: 4, Funny

    If these so-called invisible rootkits are so effective, why aren't we seeing them everywhere? Huh?

    http://www.nuklearpower.com/daily.php?date=080103

  5. A boot sector virus? In my PC? by Purity+Of+Essence · · Score: 4, Funny

    It's more likely than you think.

    What is this? 1986?

    --
    +0 Meh
    1. Re:A boot sector virus? In my PC? by Nimey · · Score: 4, Funny

      Your computer is now stoned.

      --
      Hail Eris, full of mischief...

      E pluribus sanguinem
    2. Re:A boot sector virus? In my PC? by Jeffrey+Baker · · Score: 4, Funny

      Yeah right. Do you think the virus idiots know how to program a virus into 512 bytes these days? I've seen self-styled viruses that are carrying around msvcrt.dll. Those guys should be embarrassed.

    3. Re:A boot sector virus? In my PC? by shdwtek · · Score: 4, Funny

      512 bytes should be enough for any virus.

  6. Re:Treacherous Computing to the rescue! by ScrewMaster · · Score: 2, Funny

    The jellied gasoline salvo is on the way, with a thermite chaser.

    --
    The higher the technology, the sharper that two-edged sword.
  7. Re:Like it matters by Anonymous Coward · · Score: 1, Funny

    If these so-called invisible rootkits are so effective, why aren't we seeing them everywhere? Huh?

    You keep using that word. I do not think it means what you think it means.

  8. Re:Like it matters by Anonymous Coward · · Score: 1, Funny

    And finally, the user himself can execute it. And, believe it or not, this is the most used and most successful way of infecting a machine. In other words, the main security problem is not in the machine. It's in front of it.

    I knew it all along.... CURSE YOU KEYBOARD!!! *punches keyboard* h fdsjkl hs
  9. Re:Like it matters by Anonymous Coward · · Score: 5, Funny

    The latter, because "Fuck off" is an imperative verb form and has nothing to do with adjectives.

  10. Re:Like it matters by cbreaker · · Score: 4, Funny

    Yes, it's the super complicated SlashDot moderation system designed specifically to baffle the weak minded. Although some chimps have been known to figure it out, it apparently still has some effectiveness.

    --
    - It's not the Macs I hate. It's Digg users. -
  11. Re:The perfect virus by andreyw · · Score: 2, Funny

    I'm forced to conclude that the majority of Slashdot's most vehement and fervent posters are autistic inhabitants of their parents' basements, with no sense of humor at all.

    -1.

  12. Round and round we go... by Fizzl · · Score: 2, Funny

    MBR was THE attack vector for viruses back in the good old times of MS-DOS and floppies. Now it's new again?

  13. Re:I Thought Vista Was a Re-Write? by flyingfsck · · Score: 3, Funny

    Uhmm, that is thanks to the extensive experience of the programmers and an advanced programming tool invoked with the secret codes ctrl-c and ctrl-v...

    --
    Excuse me, but please get off my Pennisetum Clandestinum, eh!
  14. DOS 3.3 called... by (Score.5,+Interestin · · Score: 2, Funny

    ... it wants its viruses back!

    If you read the OP this is pretty much what DOS viruses were doing 20 years ago. Wow.

  15. Re:Like it matters by Fred_A · · Score: 2, Funny

    Hen and egg. How does the virus get there in the first place. SOMEONE must first of all get it to execution. Malware doesn't suddenly jump in and exists.

    Really ?
    That's not what my users have been telling me...

    Those sneaky weasels !

    --

    May contain traces of nut.
    Made from the freshest electrons.
  16. Re:Like it matters by Anonymous Coward · · Score: 1, Funny

    Oooooh, XML compliant snarkism. Nice.