pingudownunder.com » windows http://www.pingudownunder.com/blog my wierd little corner on this world wide interweb thingy Tue, 22 Jun 2010 11:24:38 +0000 en hourly 1 http://wordpress.org/?v=3.0 Return of the Bootsector Virus? http://www.pingudownunder.com/blog/2007/05/03/return-of-the-bootsector-virus/ http://www.pingudownunder.com/blog/2007/05/03/return-of-the-bootsector-virus/#comments Thu, 03 May 2007 13:13:28 +0000 Simon Harvey http://www.pingudownunder.com/2007/05/03/return-of-the-bootsector-virus/ A very interesting article caught my eye which is being presented to BlackHat Europe and HITB Dubai conferences. Two Indian graduates have developed a Vbootkit, which is just like a standard rootkit in Windows … but importantly is invoked before the OS itself starts booting up, i.e. by compromising the boot sectors. Before the OS is loaded.

Could this herald the return of the “bootsector” virus with a nasty undetectable payload, giving it root privileges? An article about it (very interesting read, highly recommended) is at http://www.nvlabs.in/?q=node/16 including detailed technical information (pdf format) and presentation slides/video demonstration also on the site. One to keep in mind …

The demo, of course, compromises Windows Vista. Or if you’re feeling like a bit of fun this weekend, you can download the source code for the vbootkit for Windows 2000, XP and 2003 from the same site. Shame they didn’t put the antispam on their blog page, where there are the usual spamdverts for certain medicals and loans.

]]> http://www.pingudownunder.com/blog/2007/05/03/return-of-the-bootsector-virus/feed/ 0