Slashdot Mirror

← Back to Stories (view on slashdot.org)

Boot Record Rootkit Threatens Vista, XP, NT

Posted by kdawson on from the writing-to-zero dept.

Paul sends us word on a new exploit seen in the wild that attacks Windows systems completely outside of the control of the OS. "Unfortunately, all the Windows NT family (including Vista) still have the same security flaw — MBR [Master Boot Record] can be modified from usermode. Nevertheless, MS blocked write-access to disk sectors from userland code on VISTA after the pagefile attack, however, the first sectors of disk are still unprotected... At the end of 2007 stealth MBR rootkit was discovered by MR Team members (thanks to Tammy & MJ) and it looks like this way of affecting NT systems could be more common in near future if MBR stays unprotected."

10 of 261 comments (clear)

  1. Messed up by Anonymous Coward · · Score: 5, Funny

    Unfortunately, all the Windows NT family (including Vista) still have the same flaw -- incest. NT and ME were siblings who married to produce XP. It doesn't help any that NT's father, 95, produced NT via a union with his daughter, 98. XP then killed NT and had a child with ME. He later gouged his GUI out. The end result of all this is Vista. And you guys wonder why Vista has security issues? Poor guy must have complex on top of complex, not to mention more than a few birth defects.
  2. Re:Like it matters by Nimey · · Score: 5, Funny

    The slashot discussion system is a joke run by arrogant, biased, opinion nazis Tutorial:

    1) That's "Slashdot". -1 for capitalization, -5 for spelling.
    2) Nazi is capitalized.
    3) Your sig is an automatic Godwin. Might want to fix that.
    4) You didn't end your sentence with punctuation. This one calls for a period.
    5) Arrogant? You bet!
    --
    Hail Eris, full of mischief...

    E pluribus sanguinem
  3. Re:Like it matters by Nimey · · Score: 4, Funny

    I see that you are not an adherent of the True Church of the Flying Spaghetti Monster. The FSM has *everything* to do with Windows; we don't call it spaghetti code for nothing!

    --
    Hail Eris, full of mischief...

    E pluribus sanguinem
  4. Re:Like it matters by cgenman · · Score: 4, Funny

    If these so-called invisible rootkits are so effective, why aren't we seeing them everywhere? Huh?

    http://www.nuklearpower.com/daily.php?date=080103

    --
    The ______ Agenda
  5. A boot sector virus? In my PC? by Purity+Of+Essence · · Score: 4, Funny

    It's more likely than you think.

    What is this? 1986?

    --
    +0 Meh
    1. Re:A boot sector virus? In my PC? by Nimey · · Score: 4, Funny

      Your computer is now stoned.

      --
      Hail Eris, full of mischief...

      E pluribus sanguinem
    2. Re:A boot sector virus? In my PC? by Jeffrey+Baker · · Score: 4, Funny

      Yeah right. Do you think the virus idiots know how to program a virus into 512 bytes these days? I've seen self-styled viruses that are carrying around msvcrt.dll. Those guys should be embarrassed.

    3. Re:A boot sector virus? In my PC? by shdwtek · · Score: 4, Funny

      512 bytes should be enough for any virus.

  6. Re:Like it matters by Anonymous Coward · · Score: 5, Funny

    The latter, because "Fuck off" is an imperative verb form and has nothing to do with adjectives.

  7. Re:Like it matters by cbreaker · · Score: 4, Funny

    Yes, it's the super complicated SlashDot moderation system designed specifically to baffle the weak minded. Although some chimps have been known to figure it out, it apparently still has some effectiveness.

    --
    - It's not the Macs I hate. It's Digg users. -