[dundee] Researchers discover an 'indestructible' botnet

Robert Ladyman it at file-away.co.uk
Tue Jul 5 21:18:52 UTC 2011


I don't see it as a major problem - you can copy an MBR using dd either to or 
from the drive. If the virus can write to the MBR, then so can you. Not only 
that, you could just use another hard disc (the MBR is on the disk, not the 
PC).

> Seemly some researchers have found an indestructible botnet on Windows
> machines where the malware installs itself within the MBR (Master Boot
> Record). Now my question is that, "On machines that are multi-booting e.g.
> where Windows and Linux machines are used on one computer  and either GRUB
> or GAG boot loader is used and installed within the MBR for booting
> systems", what will be the effectiveness of this malware? Maybe the ethical
> hacking crowd can give some answers and guidance on this.
> 
> http://www.newscientist.com/blogs/onepercent/2011/07/researchers-discover-i
> ndestruc.html
> 
> Gordo
> 

-- 
Robert Ladyman
File-Away Limited
3 Ralston Business Centre, Newtyle, Blairgowrie
Perthshire  PH12 8TL SCOTLAND
Tel: +44 (0) 1828 898 158
Mobile: +44 (0) 7732 771 649
http://www.file-away.co.uk

============================================
Registered Office: 32 Church Street, Newtyle, Blairgowrie
Perthshire, PH12 8TZ SCOTLAND
Registered in Scotland, Company Number SC222086




More information about the dundee mailing list