-
March 12th, 2008, 09:33 AM
#11
MBR has been changed, possible virus, boot? [Y]/[N]
I had a client the other day with this problem. Can't remember what I did to fix it.
Think I just did fixboot & fixmbr.
The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
Albert Einstein
-
March 12th, 2008, 04:58 PM
#12
MBR rootkits aren't new. In fact, I've seen them for years. What is new(er) is the professional level of development that MBR rootkits are seeing. Why? Because criminals know that endpoints are (for the most part) defenseless against this type of vector. Projected profits from MBR rootkits are high, hence, all the love from the bad guys.
Someone mentioned kernel hooks. The issue with that is the way the rootkit hooks the kernel. Without spinning into a technonerd discussion, it would be like looking for a white collar criminal in a sea of others wearing suits. On the surface, they all look the same. The criteria needed to detect the hook would be extensive. Anyway, fwiw.
--Th13
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
March 12th, 2008, 05:08 PM
#13
I do recall reading about the potential for flashing malware into the various bits of firmware/BIOS memory on motherboards, but I haven't heard of anything in the wild yet.