A very interesting article caught my eye; the work is being presented at the Black Hat Europe and HITB Dubai conferences. Two Indian graduates have developed Vbootkit, which behaves like a conventional Windows rootkit but, crucially, gets control before the operating system itself starts booting: it compromises the boot sectors, so its code runs before the OS is loaded and can patch the kernel in memory as it comes up, sidestepping protections the OS only applies once it is running.
Could this herald the return of the "boot sector" virus, now carrying a payload that runs with kernel privileges and is very hard to detect from inside the running OS? An article about it (a very interesting read, highly recommended) is at http://www.nvlabs.in/?q=node/16, with detailed technical information (PDF format), presentation slides and a video demonstration also on the site. One to keep in mind.
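A bootkit of this kind has to change what is in the boot sector, which is also the simplest thing a defender can check: read the first sector of the disk, hash the boot code, and compare it against a baseline taken when the machine was known to be clean. The script below is an added example written for this post, not code from the Vbootkit authors or from NVlabs; the sample sectors it builds are constructed by hand (the "boot code" bytes are placeholders, not a real boot loader), and the device paths in the comments are only illustrations.

```python
"""MBR integrity check: parse a 512-byte master boot record, hash its boot
code and compare it with a known-good baseline.  Added example for this
post; the sample sectors are constructed and are not real boot code."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446           # bytes 0..445 hold the executable boot code
PARTITION_TABLE_OFFSET = 446  # four 16-byte partition entries follow
MBR_SIGNATURE = b"\x55\xaa"   # bytes 510..511


def parse_mbr(sector: bytes) -> dict:
    """Split an MBR into a hash of its boot code and its partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if sector[510:512] != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * 16
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
            "<B3sB3sII", sector[off:off + 16])
        if ptype == 0:
            continue  # empty slot
        partitions.append({"index": i, "active": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": partitions}


def check_mbr(sector: bytes, baseline_sha256: str) -> list:
    """Return a list of findings; an empty list means the MBR matches the baseline."""
    info = parse_mbr(sector)
    findings = []
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code does not match baseline")
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append(f"expected one active partition, found {len(active)}")
    for p in info["partitions"]:
        if p["lba_start"] == 0:
            findings.append(f"partition {p['index']} claims to start at sector 0 (the MBR itself)")
    return findings


def read_mbr(device_path: str) -> bytes:
    """Read the first sector of a raw disk; needs administrator/root rights.
    Hypothetical paths: r"\\\\.\\PhysicalDrive0" on Windows, "/dev/sda" on Linux."""
    with open(device_path, "rb") as dev:
        return dev.read(SECTOR_SIZE)


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Construct a sector with the given boot code and one active NTFS-type partition."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff",
                        63, 2_000_000)
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + entry + b"\x00" * 48 + MBR_SIGNATURE


# Constructed clean sector, the baseline taken from it, and a tampered copy whose
# first instruction has been replaced by a jump elsewhere in the sector, which is
# the kind of patch a boot-sector bootkit makes to get control first.
CLEAN_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb")
BASELINE = parse_mbr(CLEAN_MBR)["boot_code_sha256"]
TAMPERED_MBR = b"\xe9\x00\x01" + CLEAN_MBR[3:]

if __name__ == "__main__":
    print("clean:", check_mbr(CLEAN_MBR, BASELINE) or "OK")
    print("tampered:", check_mbr(TAMPERED_MBR, BASELINE) or "OK")
```

The caveat that makes this kind of kit "undetectable" from inside the OS: a bootkit that hooks the disk-read path can hand a clean copy of the sector back to any tool running on the compromised system, so a baseline comparison is only trustworthy when the disk is read from separately booted, known-good media rather than from the OS under suspicion.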
The demo, of course, compromises Windows Vista. If you feel like a bit of fun this weekend, you can download the Vbootkit source code for Windows 2000, XP and 2003 from the same site. A shame they didn't put anti-spam protection on their blog page, which carries the usual spam adverts for certain medicines and loans.