Good evening, I ask you a clarification only: Trojans, rootkit and other evolved malware, "lurk" only inside disks or system partitions ( where an operating system run) or even in data partitions or archives?? In other words, any malware need an OS to run, it's right?
there are MBR viruses so that is outside the OS. BIOS virus? maybe but not sure if thats theoretical or rare.
Malware can exist on any form of digital media including firmware in any type of intelligent device. The MBR is part of a hard drive. Theoretically, malware could be loaded into the BIOS via the flash update process.
Yup, there're actual malware which hide malware in e.g. picture, but to execute this hidden malware attacker need executable or script. BIOS rootkit is not just theoretical threat.