Does Malware Require an OS...

Discussion in 'malware problems & news' started by Searching_ _ _, May 16, 2011.

Thread Status:
Not open for further replies.
  1. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    I was wondering, can malware support itself with no reliance on a host's OS? A.K.A. Bare Metal Malware?
     
  2. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Welllll I've heard of rootkits that survive reformatting. So if that counts... lol sure.
     
  3. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    There are bootkits that infect your MBR. I don't think those require an OS.

    Also, even more rare and dangerous, are ones that infect your BIOS.
     
  4. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Well, I have an infector that writes a partition to USB, CD, and HDD, and also loads into memory at start up to cause trouble. Maybe some type of agnostic backdoor, no MBR required.
    I have tried to view the partition with a hex editor and the infected device is blacklisted from hex editor access.
     
  5. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    It burns itself onto every CD/DVD upon inserting a (R/RW) disc into your CD/DVD writer after it has loaded itself into memory?
    Any checksum to share?
     
  6. clayieee

    clayieee Registered Member

    Joined:
    Apr 14, 2011
    Posts:
    261
    I would say yes, it requires one, because every malware has its target.
     
  7. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    No, I don't think it is doing that, but when you write to the CD-R it does too. It's not making itself part of the file you're copying but precedes or follows it onto the media. Doing its copy routine only if loaded in RAM, I guess. This would make everything you do suspect: backups, distros, flash drives. When you do a checksum of the .iso it's good, but the media itself is infected.
    If I can do some basic checks and can confirm it is what I think, I'll let you know the checksum, sure.
     
    Last edited: May 20, 2011
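
The last post distinguishes the checksum of the .iso file from the contents of the written media. As an added example (not part of the thread; the function names and sample data are constructed here), this reads back exactly as many bytes as the image holds, compares the hashes, and counts non-zero bytes that follow the image on the media:

```python
import hashlib
import tempfile
from pathlib import Path

CHUNK = 1 << 20  # read in 1 MiB pieces


def compare_image_to_media(iso_path, media_path):
    """Compare an image with the same byte count read back from media."""
    iso_hash, media_hash = hashlib.sha256(), hashlib.sha256()
    with open(iso_path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            iso_hash.update(chunk)
    remaining = Path(iso_path).stat().st_size
    trailing_nonzero = 0
    with open(media_path, "rb") as m:
        while remaining > 0:
            chunk = m.read(min(CHUNK, remaining))
            if not chunk:
                break  # media ended before the image did
            media_hash.update(chunk)
            remaining -= len(chunk)
        # Zero padding after the image is normal; other data is not.
        for chunk in iter(lambda: m.read(CHUNK), b""):
            trailing_nonzero += len(chunk) - chunk.count(0)
    matches = remaining == 0 and iso_hash.digest() == media_hash.digest()
    return {"image_matches": matches, "trailing_nonzero_bytes": trailing_nonzero}


def demo():
    """Constructed sample data: one image and three simulated readbacks."""
    image = bytes(range(256)) * 64  # stand-in for an .iso, 16 KiB
    cases = {
        "clean": image + b"\x00" * 4096,
        "appended": image + b"\x00" * 2048 + b"EXTRA-DATA",
        "prepended": b"\x01" * 2048 + image,
    }
    results = {}
    with tempfile.TemporaryDirectory() as d:
        iso = Path(d, "image.iso")
        iso.write_bytes(image)
        for name, data in cases.items():
            media = Path(d, name + ".bin")
            media.write_bytes(data)
            results[name] = compare_image_to_media(iso, media)
    return results


if __name__ == "__main__":
    print(demo())
```

On real hardware `media_path` would be the raw device node (for example `/dev/sr0` on Linux, an assumption here) rather than a file. A readback is only as trustworthy as the system performing it, so the comparison belongs on a machine or boot environment known to be clean.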