Boot Sector Viruses & Rootkits Poised For Comeback

Ant writes "Ars Technica says Panda Labs' first quarter 2008 malware report raises a new concern, though it comes from a surprising direction. According to the company, boot sector viruses loaded with rootkits are poised to make a comeback. This honestly sounds a bit odd, considering how long it has been since a boot virus has topped the malware charts, but it's at least theoretically possible (pdf). Such viruses have a simple method of operation. The virus copies itself into the Master Boot Record (MBR) of a hard drive, and rewrites the actual MBR data in a different section of the drive. The report also covers a number of other topics and makes predictions about the types of attacks computer users may see in the future. Forecasting these trends is always tricky."

Re:Let me guess

[Molochi]

MBR bios protection seems to be pretty common on "homebuilt" and "mom and pop" machines. But my laptop (acer) doesn't seem to have it. I don't see an option to enable it on our toshiba (though it runs vista so NBD). I don't do PC support anymore, do the vast number of Dells running XP have MBR protection in bios?

Re:Let me guess

Not quite. It protects the bios from hard disk writes using int 13h. It won't protect from programs accessing the hard drive directly using I/O ports, which any modern MBR virus is likely to do.

Re:Let me guess

Professional laptops like Panasonic tough books have it.

Maybe the toy grade stuff like toshiba and dell dont.

Re:The old ways still work

[jmadren]

No, Autorun.inf will not automatically run on plain USB flash drives. Microsoft didn't think to support that. Autorun.inf will only work on CD drives. That's why U3 flash drives have firmware in them that emulates a CD drive, to trick Windows into automatically running the Autorun.inf. U3 doesn't install special drivers on the computer, Windows does that itself in response to seeing a new CD hardware device (except for Win95/98, for which you have to install some drivers).