Slashdot Mirror

← Back to Stories (view on slashdot.org)

Boot Sector Viruses & Rootkits Poised For Comeback

Posted by ryuzaki0 on from the oldies-but-goodies dept.

Ant writes "Ars Technica says Panda Labs' first quarter 2008 malware report raises a new concern, though it comes from a surprising direction. According to the company, boot sector viruses loaded with rootkits are poised to make a comeback. This honestly sounds a bit odd, considering how long it has been since a boot virus has topped the malware charts, but it's at least theoretically possible (pdf). Such viruses have a simple method of operation. The virus copies itself into the Master Boot Record (MBR) of a hard drive, and rewrites the actual MBR data in a different section of the drive. The report also covers a number of other topics and makes predictions about the types of attacks computer users may see in the future. Forecasting these trends is always tricky."

11 of 95 comments (clear)

  1. Re:Let me guess by MooseMuffin · · Score: 2, Funny

    Yep. Just copy this little protection file into your MBR...

  2. I can see it now by oni · · Score: 5, Funny

    GNU GRUB version 0.95 (638 lower / 288704K upper memory)

    Ubuntu, kernel 2.6.12-9-386
    Ubuntu, kernel 2.6.12-9-386 (recovery mode)
    Ubuntu, memtest86+
    Other operating systems:
    Windows NT/2000/XP
    omfgh4xorz-r00tk1tz3113

    Use the up and down keys to select which entry is highlighted.
    Press enter to boot the selected OS, 'e' to edit the commands
    before booting, or 'c' for a command-line

    hmm, something's not right here

    1. Re:I can see it now by ettlz · · Score: 3, Funny

      hmm, something's not right here

      Yep. The latest grub is 0.97.

      Or are you talking about the space-munching change of layout?

    2. Re:I can see it now by maxch · · Score: 4, Funny

      call me crazy, but that Windows entry seems suspicious.

    3. Re:I can see it now by Anonymous Coward · · Score: 2, Funny

      Indeed. You misspelled Windows Vista.

  3. Cool by dedazo · · Score: 4, Funny
    The last time any of my machines had anything resembling a virus, malware or trojans it came in a floppy boot sector and it was called "Natas" or something like that.

    Bill Clinton was president, the Nasdaq was at 5,000 or something like that and I was smoking pot. Maybe we'll go back to the old days in more ways than one!

    --
    Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
    1. Re:Cool by Abreu · · Score: 2, Funny

      Well, I don't know about boot sector viruses or about pot, but theres a chance you might get a 'President Clinton' once more...

      -

      *Disclaimer: The above is a joke and not an endorsement or criticism of any US candidate... I am not USian and I don't really care much for american policies.

      --
      No sig for the moment.
    2. Re:Cool by BlackSnake112 · · Score: 2, Funny

      I remember back in college (1992) I bought a box of 10 floppy disks. All 10 were infected (with ripper I think). I wrote to the disk company letting them know the numbers that were on the box. About three weeks later I got a huge box. It had over 1000 brand new floppies and a letter thanking me for letting them know about that issue. Also was an apology for getting infected disks. I didn't have to buy floppy disks for years.

  4. Bah! by Well-Fed+Troll · · Score: 4, Funny

    I spit on thee, thou foul virus writing knaves.
    Wilt it doth survive the lowly Format?
    Truly I say unto thee, Real Men write CMOS infecting viruses.

  5. Windows Malicious Software Removal Tool by mrbluze · · Score: 4, Funny

    Windows is a program which inserts code into the master boot record, often before the user has broken open the packaging of their new computer, resulting in loading of malicious code at power-on which causes the computer to phone-home and results in the gradual loss of available disk space on the affected drive. Multiple other vulnerabilities have also been reported.

    Various removal tools are available free of charge. This is considered a critical and urgent update.

    --
    Do it yourself, because no one else will do it yourself. [beta blockade 10-17 Feb]
  6. great idea by ILuvRamen · · Score: 3, Funny

    And you know what really helps is writing detailed how-to theory articles, saying it's inevitable, and repeating how effective it could be. That will ensure that all these gloom and doom virus articles come true! That must be what all these authors want or something or they'd all shut up.

    --
    Google's Super Secret Search Algorithm: SELECT @search_results FROM internet WHERE @search_results = 'good'