The Return of MBR Malware

My security awareness training began on 1997-04/08. That is when the company that I worked with, ISC, came down with a bad case of the Monkey.B virus.

At ISC, we used several boot repair floppies. Many of these I created myself. They ran batch repair jobs to handle minor things like diagnostics and system burn-in. We had no policy for scanning the boot floppies for viruses. Never really occurred to us, for some reason. Then one day — April 8th — I noticed that a client’s computer had suddenly begun acting strange.

Over the next ten days, we realized that all of our boot floppies had been infected with an as-yet-unknown variant of Stoned.Monkey. Both McAfee and Dr Solomon’s failed to recognize this variant. F-Secure’s tool did, thankfully, and we were able to recover the client’s machine. In the next few weeks, we paid house calls to our clients … many of whom we had infected during our diagnostic work.

With that as a background, I found it interesting that rootkits have returned to MBR infections.

Excuse me sir: there’s a rootkit in your master boot record
http://www.theregister.co.uk/2008/01/09/mbr_rootkit/
