Does Malware Require an OS...

Discussion in 'malware problems & news' started by Searching_ _ _, May 16, 2011.

Thread Status:
Not open for further replies.
  1. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    I was wondering, can malware support itself with no reliance on a host's OS? A.K.A. Bare Metal Malware?
     
  2. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Welllll I've heard of rootkits that survive reformatting. So if that counts... lol sure.
     
  3. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    There are bootkits that infect your MBR. I don't think those require an OS.

    Also, even more rare and dangerous, are ones that infect your BIOS.
     
  4. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Well, I have an infector that writes a partition to USB, CD, and HDD, and also loads into memory at startup to cause trouble. Maybe some type of agnostic backdoor, no MBR required.
    I have tried to view the partition with a hex editor and the infected device is blacklisted from hex editor access.
     
  5. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    It burns itself onto every CD/DVD upon inserting a (R/RW) disc into your CD/DVD writer after it has loaded itself into memory?
    Any checksum to share?
     
  6. clayieee

    clayieee Registered Member

    Joined:
    Apr 14, 2011
    Posts:
    260
    I would say yes, it requires one, because every malware has its target.
     
  7. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    No, I don't think it is doing that, but when you write to the CD-R it does too. It's not making itself part of the file you're copying but precedes or follows it onto the media. Doing its copy routine only if loaded in RAM, I guess. This would make everything you do suspect: backups, distros, flash drives. When you do a checksum of the .iso it's good, but the media itself is infected.
    If I can do some basic checks and can confirm it is what I think, I'll let you know the checksum, sure.
     
    Last edited: May 20, 2011
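
The last post distinguishes the checksum of the .iso file from the contents of the media it was written to. The following is an added example, not part of the thread: it hashes the written media over the image's length and reports any non-zero data after the image area. The function name and result keys are hypothetical, and it assumes the media can be read as a raw file or device node from a known-clean system and that padding after the image is zero-filled.

```python
import hashlib
import sys

CHUNK = 1 << 20  # read in 1 MiB pieces


def verify_media(image_path, media_path):
    """Compare an image file with what was actually written to the media.

    Hashes the first len(image) bytes of the media and looks for the first
    non-zero byte after the image area (None if only zero padding follows).
    """
    img_hash, med_hash = hashlib.sha256(), hashlib.sha256()
    size = 0
    with open(image_path, "rb") as img, open(media_path, "rb") as med:
        while True:
            block = img.read(CHUNK)
            if not block:
                break
            img_hash.update(block)
            # A short read here (media smaller than image) changes the hash.
            med_hash.update(med.read(len(block)))
            size += len(block)
        # Anything after the image area should be padding only.
        extra_at, offset = None, size
        while extra_at is None:
            block = med.read(CHUNK)
            if not block:
                break
            stripped = block.lstrip(b"\0")
            if stripped:
                extra_at = offset + len(block) - len(stripped)
            offset += len(block)
    return {
        "image_sha256": img_hash.hexdigest(),
        "media_sha256": med_hash.hexdigest(),
        "match": img_hash.digest() == med_hash.digest(),
        "image_size": size,
        "extra_data_at": extra_at,
    }


if __name__ == "__main__":
    # Usage: script.py <image file> <raw media path>
    result = verify_media(sys.argv[1], sys.argv[2])
    for key, value in result.items():
        print(f"{key}: {value}")
    sys.exit(0 if result["match"] and result["extra_data_at"] is None else 1)
```

A match with `extra_data_at` set means the image area is intact but something else sits after it on the media, which a checksum of the .iso alone cannot show.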