Slashdot Mirror


Boot Sector Viruses & Rootkits Poised For Comeback

Ant writes "Ars Technica says Panda Labs' first quarter 2008 malware report raises a new concern, though it comes from a surprising direction. According to the company, boot sector viruses loaded with rootkits are poised to make a comeback. This honestly sounds a bit odd, considering how long it has been since a boot virus has topped the malware charts, but it's at least theoretically possible (pdf). Such viruses have a simple method of operation. The virus copies itself into the Master Boot Record (MBR) of a hard drive, and rewrites the actual MBR data in a different section of the drive. The report also covers a number of other topics and makes predictions about the types of attacks computer users may see in the future. Forecasting these trends is always tricky."
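A defender's view of the behaviour described in the summary, as an added example (not from the Slashdot post or the Panda Labs report): it checks sector 0 of a raw disk image against a previously recorded known-good hash and looks for a plain copy of the original boot code moved to another early sector. The function names, the 64-sector scan window, and the sample images are assumptions constructed for illustration.

```python
import hashlib
import struct

SECTOR, BOOT_CODE_LEN, SIG_OFF = 512, 446, 510  # classic MBR layout

def boot_code_hash(sector: bytes) -> str:
    """SHA-256 of the bootstrap code only; the partition table is excluded
    because repartitioning changes it legitimately."""
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()

def parse_partitions(sector: bytes):
    """Return (type, first_lba, sector_count) for each non-empty entry."""
    parts = []
    for i in range(4):
        entry = sector[BOOT_CODE_LEN + 16 * i:BOOT_CODE_LEN + 16 * (i + 1)]
        first_lba, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:
            parts.append((entry[4], first_lba, count))
    return parts

def check_mbr(image: bytes, baseline_hash: str, scan_sectors: int = 64):
    """Compare sector 0 with the baseline and look for a plain (unencoded)
    copy of the baseline boot code parked in another early sector."""
    if len(image) < SECTOR:
        raise ValueError("image shorter than one sector")
    mbr = image[:SECTOR]
    last = min(scan_sectors, len(image) // SECTOR)
    relocated = [n for n in range(1, last)
                 if boot_code_hash(image[n * SECTOR:(n + 1) * SECTOR]) == baseline_hash]
    return {
        "signature_ok": mbr[SIG_OFF:SIG_OFF + 2] == b"\x55\xaa",
        "boot_code_modified": boot_code_hash(mbr) != baseline_hash,
        "relocated_copies": relocated,
        "partitions": parse_partitions(mbr),
    }

def make_sector(fill: int) -> bytes:
    """Constructed sample sector: filler bytes as 'code', one partition."""
    entry = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 63, 2048)
    return bytes([fill]) * BOOT_CODE_LEN + entry + bytes(48) + b"\x55\xaa"

# Constructed 8-sector images: a clean disk, and one whose sector 0 was
# replaced while the original MBR was moved to sector 5.
CLEAN = make_sector(0x90) + bytes(SECTOR * 7)
BASELINE = boot_code_hash(CLEAN[:SECTOR])
TAMPERED = make_sector(0xCC) + bytes(SECTOR * 4) + make_sector(0x90) + bytes(SECTOR * 2)

if __name__ == "__main__":
    for img in (CLEAN, TAMPERED):
        print(check_mbr(img, BASELINE))
```

A boot-time rootkit can present the original sector to reads made from the running system, so a check like this is meaningful on an image taken offline or from trusted boot media.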

4 of 95 comments

  1. Why? by Rurik · Score: 5, Insightful

    I wonder why a virus writer would even want to do this? Nearly all have learned that instead of wreaking havoc for fun, they can wreak havoc and make money off it. There's a reason most writers stopped writing boot sector viruses. Viruses are more fun when they can perform click-fraud, and other long-term money making actions, instead of destroying a user's computer.

  2. Virtualization complications by wheatking · Score: 5, Insightful

    so what happens w/ all this virtualization (VMware, Xen, Microsoft/Kidaro, RingCube, Moka5,...) coming in... aren't bare metal vulnerabilities @ the hypervisor layer a bigger deal?

  3. Re:Let me guess by Lumpy · Score: 4, Insightful

    That's ok ASUS has had that protection for decades.

    MBR protection has been in every BIOS on ASUS motherboards for at least 12 years now. Turn it on and NOTHING can write to the MBR.

    Gotta love how old tech solves the "new hotness".

    --
    Do not look at laser with remaining good eye.

  4. Re:Bah! by MadnessASAP · Score: 4, Insightful

    Speaking of which, I remember seeing a rather nifty POC for storing a rootkit in a video card's BIOS. I don't think anybody has taken advantage of it yet though.

    --
    I may agree with what you say, but I will defend to the death your right to face the consequences of saying it.