Boot Sector Viruses & Rootkits Poised For Comeback
Ant writes "Ars Technica says Panda Labs' first quarter 2008 malware report raises a new concern, though it comes from a surprising direction. According to the company, boot sector viruses loaded with rootkits are poised to make a comeback. This honestly sounds a bit odd, considering how long it has been since a boot virus has topped the malware charts, but it's at least theoretically possible (pdf). Such viruses have a simple method of operation. The virus copies itself into the Master Boot Record (MBR) of a hard drive, and rewrites the actual MBR data in a different section of the drive. The report also covers a number of other topics and makes predictions about the types of attacks computer users may see in the future. Forecasting these trends is always tricky."
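An added example (not from the article or the Panda Labs report): a defender-side check for the behaviour the summary describes, comparing the MBR boot code in a disk image against a known-good hash and searching the following sectors for a relocated copy of the original. The baseline hash, the image bytes and the 63-sector scan window are constructed assumptions.

```python
import hashlib

SECTOR = 512
BOOT_CODE_LEN = 446        # bootstrap code area; the partition table follows it
SIGNATURE = b"\x55\xaa"    # boot signature at offsets 510-511


def check_mbr(image: bytes, baseline_sha256: str, scan_sectors: int = 63) -> dict:
    """Check sector 0 against a known-good boot-code hash and look for the
    known-good code parked in one of the following sectors."""
    if len(image) < SECTOR:
        raise ValueError("image shorter than one sector")
    mbr = image[:SECTOR]
    digest = hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()
    result = {
        "signature_ok": mbr[510:512] == SIGNATURE,
        "boot_code_modified": digest != baseline_sha256,
        "relocated_copy_at": None,
    }
    for lba in range(1, scan_sectors):
        sector = image[lba * SECTOR:(lba + 1) * SECTOR]
        if len(sector) < SECTOR:
            break  # ran off the end of the image
        if hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest() == baseline_sha256:
            result["relocated_copy_at"] = lba
            break
    return result


def make_image(boot_code: bytes, sectors: int = 8) -> bytearray:
    """Build a small constructed disk image with the given boot code."""
    img = bytearray(SECTOR * sectors)
    img[:len(boot_code)] = boot_code
    img[510:512] = SIGNATURE
    return img


# Constructed sample data, not taken from any real disk or malware sample.
GOOD_CODE = bytes([0xEB, 0x3C, 0x90]) + b"KNOWN-GOOD LOADER".ljust(443, b"\x00")
BASELINE = hashlib.sha256(GOOD_CODE).hexdigest()
CLEAN = bytes(make_image(GOOD_CODE))


def make_tampered() -> bytes:
    """Sector 0 holds unknown code; the original MBR sits in sector 5."""
    img = make_image(b"UNKNOWN CODE".ljust(BOOT_CODE_LEN, b"\x90"))
    img[5 * SECTOR:6 * SECTOR] = CLEAN[:SECTOR]
    return bytes(img)
```

Run it against an image captured from trusted boot media, since a resident rootkit can intercept reads of sector 0 on the live system.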
GNU GRUB version 0.95 (638 lower / 288704K upper memory)
Ubuntu, kernel 2.6.12-9-386
Ubuntu, kernel 2.6.12-9-386 (recovery mode)
Ubuntu, memtest86+
Other operating systems:
Windows NT/2000/XP
omfgh4xorz-r00tk1tz3113
Use the up and down keys to select which entry is highlighted.
Press enter to boot the selected OS, 'e' to edit the commands
before booting, or 'c' for a command-line
hmm, something's not right here
A danger to be alert to is the possibility of viruses and rootkits that ship with the computer. Consider that most computers have a lot of parts made in China; suppose the Chinese government decides it's going to slip something into your BIOS? That is a major issue for national security, and it's not just speculation; I've seen test viruses that sit in the BIOS and do a SUID root on a specific file in /tmp on every bootup. EFI is just as vulnerable, because it's basically a complete Unix-like OS just for booting.
Klingon programs don't timeshare, they battle for supremacy.
I wonder why a virus writer would even want to do this? Nearly all have learned that instead of wreaking havoc for fun, they can wreak havoc and make money off it. There's a reason most writers stopped writing boot sector viruses. Viruses are more fun when they can perform click-fraud, and other long-term money-making actions, instead of destroying a user's computer.
so what happens w/ all this virtualization (VMware, Xen, Microsoft/Kidaro, RingCube, Moka5,...) coming in... aren't bare metal vulnerabilities @ the hypervisor layer a bigger deal?
Not quite. It protects the BIOS from hard disk writes using int 13h. It won't protect from programs accessing the hard drive directly using I/O ports, which any modern MBR virus is likely to do.