Master Boot Record Malware Becoming More Stealthy

Your hard disk’s Master Boot Record (MBR) is the first thing that gets loaded when you start your computer, even before the operating system. What if you could change the MBR to load your very own special program? That would make your program the ‘most powerful’ on your computer, giving your program access to all sorts of potentially interesting things.

MBR malware has been around for a while, and has surfaced again. Check out the McAfee folks analysis of the latest version of a MBR malware: http://www.avertlabs.com/research/blog/index.php/2008/03/23/exploring-stealthmbr-defenses/ .

One of the interesting things is that the malware is self-aware. The program monitors itself, and if the program stops, it restart (and re-infects) the computer.

Malware writers are getting a bit clever.

Leave a Reply

Name and email are required. Your email address will not be published.