Return of the Bootsector Virus?

security

, ,

A very interesting article caught my eye which is being presented to BlackHat Europe and HITB Dubai conferences. Two Indian graduates have developed a Vbootkit, which is just like a standard rootkit in Windows … but importantly is invoked before the OS itself starts booting up, i.e. by compromising the boot sectors. Before the OS is loaded.

Could this herald the return of the “bootsector” virus with a nasty undetectable payload, giving it root privileges? An article about it (very interesting read, highly recommended) is at http://www.nvlabs.in/?q=node/16 including detailed technical information (pdf format) and presentation slides/video demonstration also on the site. One to keep in mind …

The demo, of course, compromises Windows Vista. Or if you’re feeling like a bit of fun this weekend, you can download the source code for the vbootkit for Windows 2000, XP and 2003 from the same site. Shame they didn’t put the antispam on their blog page, where there are the usual spamdverts for certain medicals and loans.