Bootkits in legitimate software

Discussion in 'other security issues & news' started by MrBrian, Dec 23, 2011.

Thread Status:
Not open for further replies.
  1. MrBrian (Registered Member; joined Feb 24, 2008; 6,032 posts; location: USA)
    From http://www.securelist.com/en/analysis/204792203/Legit_bootkits:
     
  2. safeguy (Registered Member; joined Jun 14, 2010; 1,718 posts)
    A more appropriate title would be this lol :p :
    "Legit bootkits in Instant System Recovery/Restore Software"

    Anyway, it was a very interesting read that is quite revealing, although a few details have been quite well known here (albeit in simplified terms), such as that partition editing tools are not to be used in conjunction, and that most (if not all) ISR software fails against malware that tries to modify/infect the MBR.

    LUA can help to defend against this, but for processes running with administrative privileges (either through privilege escalation or mistaken trust and execution by an admin), they would benefit from something like MBRGuard. Just take note that MBRGuard is no longer offered as a stand-alone program by BlueRidge and is incorporated into AppGuard instead. x86 users who have a copy of MBRGuard can make use of it ;)
     
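The post above points out that ISR/restore products generally do not notice when the MBR is overwritten, and that an admin-level process can do so freely. A baseline-and-verify check of the first sector is the simplest way to spot such a change after the fact. The script below is an added example written for this thread; it is not code from the post, from the securelist article, or from MBRGuard/AppGuard. The MBR bytes it works on are constructed in-line (the boot-code bytes and partition entries are illustrative, not taken from a real disk), and the helper names (build_sample_mbr, parse_mbr, compare_to_baseline, patch_boot_code) are this example's own. It hashes the 446-byte boot-code region, decodes the four partition-table entries, checks the 0x55AA signature, and reports what differs between a saved baseline image and the current one.

```python
"""Baseline-and-verify check for a 512-byte MBR image.

Added example for the thread above; not code from the post, from securelist,
or from MBRGuard/AppGuard. All MBR bytes used here are constructed in-line
for illustration and do not come from a real disk.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 446           # bytes 0..445 hold the boot loader code
PART_TABLE_OFF = 446          # four 16-byte partition entries follow
PART_ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511


def build_sample_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble a constructed MBR from boot code and (status, type, lba_start, sectors) tuples."""
    if len(boot_code) > BOOT_CODE_LEN or len(partitions) > 4:
        raise ValueError("boot code too long or too many partitions")
    table = b"".join(
        # CHS fields are left zeroed; modern loaders use the LBA fields.
        struct.pack(PART_ENTRY_FMT, status, b"\x00" * 3, ptype, b"\x00" * 3, lba_start, sectors)
        for status, ptype, lba_start, sectors in partitions
    )
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + table.ljust(64, b"\x00") + BOOT_SIGNATURE


def parse_mbr(mbr: bytes) -> dict:
    """Validate the signature and decode the partition table; raise ValueError if malformed."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _, ptype, _, lba_start, sectors = struct.unpack(PART_ENTRY_FMT, mbr[off:off + 16])
        if ptype == 0:
            continue  # empty slot
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def compare_to_baseline(baseline: bytes, current: bytes) -> list:
    """Return findings describing how `current` differs from `baseline`; [] means unchanged."""
    base = parse_mbr(baseline)
    try:
        cur = parse_mbr(current)
    except ValueError as exc:
        return [f"current MBR unparsable: {exc}"]
    findings = []
    if base["boot_code_sha256"] != cur["boot_code_sha256"]:
        findings.append("boot code changed")
    base_by_idx = {p["index"]: p for p in base["partitions"]}
    cur_by_idx = {p["index"]: p for p in cur["partitions"]}
    for i in range(4):
        if base_by_idx.get(i) != cur_by_idx.get(i):
            findings.append(f"partition entry {i} changed: {base_by_idx.get(i)} -> {cur_by_idx.get(i)}")
    return findings


# Constructed sample: a short stand-in for real boot code and two NTFS (type 0x07) partitions.
SAMPLE_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c"
SAMPLE_PARTITIONS = [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 409600)]
BASELINE_MBR = build_sample_mbr(SAMPLE_BOOT_CODE, SAMPLE_PARTITIONS)


def patch_boot_code(mbr: bytes, patch: bytes) -> bytes:
    """Simulate something overwriting the start of the boot code (constructed, not real malware)."""
    return patch + mbr[len(patch):]


if __name__ == "__main__":
    # On a real host the "current" image would be the first 512 bytes of the
    # physical disk (e.g. \\.\PhysicalDrive0 on Windows, read with admin rights),
    # and the baseline a copy saved while the system was known-good.
    infected = patch_boot_code(BASELINE_MBR, b"\xeb\x3c\x90\x90")
    for name, image in [("unchanged", BASELINE_MBR), ("patched", infected)]:
        print(name, compare_to_baseline(BASELINE_MBR, image) or "OK")
```

Two caveats for anyone using this idea for real: a change in the boot-code hash is only a signal, not a verdict, since legitimate ISR/restore software (the subject of the linked article) installs its own boot code there too, so the baseline must be taken after such software is installed; and a bootkit that hooks disk I/O can hand back the original sector to user-mode readers, so the comparison is only trustworthy when the image is read from a clean boot (e.g. rescue media), not from the possibly infected running system.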