Guntior bootkit up to new tricks
The resurrection of master boot record (MBR) infection techniques has been common for a while now.

What is a bootkit? Families of malware that start before Windows boots use this technique to bypass security mechanisms that only come up once the operating system is running. TDL and Sinowal were the first widespread, sophisticated threats to adopt bootkit infection techniques. Copycats and variations followed, ranging from those that completely overwrite the MBR with a malicious loader to ones that manipulate values in the MBR to alter loading offsets and so hijack the boot process.

One bootkit that has been around for a while now is the Chinese bootkit Guntior. Like other bootkits, Guntior hooks I/O request packet (IRP) handlers in order to hide the malicious MBR that it writes to sector 0: a read of sector 0 issued through the infected disk stack returns a clean-looking copy. Bootkits share similar techniques when it comes to hiding their presence and hijacking the boot process to inject malicious code into ring 0.
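The two MBR modifications described above (a loader overwritten with malicious code, and partition offsets tampered with) can both be caught by comparing a freshly read sector 0 against a copy recorded while the machine was known to be clean. The following C program is an added example, not code from the original post or from Guntior itself: it parses a 512-byte MBR image (boot code, the four 16-byte partition entries, the 0x55AA signature), decodes a partition entry, and classifies how a live sector differs from the baseline. The sample MBR it builds (`build_sample_mbr`) is constructed data with a dummy boot code pattern and one active partition at LBA 2048; the function names and status codes are this example's own.

```c
/* mbr_check.c: parse a 512-byte MBR image and compare it with a trusted baseline.
 * Added illustration; not code from the original post. Compile: cc -std=c99 mbr_check.c */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SECTOR_SIZE     512
#define MBR_CODE_SIZE   446   /* boot code occupies bytes 0..445 */
#define MBR_PART_OFFSET 446   /* four 16-byte partition entries follow */
#define MBR_SIG_OFFSET  510   /* 0x55 0xAA boot signature at 510..511 */

enum mbr_status {
    MBR_OK = 0,
    MBR_BAD_SIGNATURE,     /* no 0x55AA boot signature */
    MBR_CODE_CHANGED,      /* boot code differs from baseline (loader overwritten) */
    MBR_TABLE_CHANGED      /* partition entries differ (offsets tampered with) */
};

struct mbr_partition {
    uint8_t  boot_flag;    /* 0x80 = active */
    uint8_t  type;         /* partition type id, e.g. 0x07 for NTFS */
    uint32_t lba_first;    /* first sector, stored little-endian on disk */
    uint32_t sectors;      /* length in sectors */
};

static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Returns 1 if the sector ends with the 0x55 0xAA boot signature, else 0. */
int mbr_has_signature(const uint8_t *sector)
{
    return sector[MBR_SIG_OFFSET] == 0x55 && sector[MBR_SIG_OFFSET + 1] == 0xAA;
}

/* Decodes partition entry idx (0..3). Returns 0 on success, -1 on a bad index. */
int mbr_parse_partition(const uint8_t *sector, int idx, struct mbr_partition *out)
{
    if (idx < 0 || idx > 3) return -1;
    const uint8_t *e = sector + MBR_PART_OFFSET + 16 * idx;
    out->boot_flag = e[0];
    out->type      = e[4];
    out->lba_first = le32(e + 8);
    out->sectors   = le32(e + 12);
    return 0;
}

/* FNV-1a fingerprint of the boot code region; handy for logging a baseline. */
uint32_t mbr_code_fingerprint(const uint8_t *sector)
{
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < MBR_CODE_SIZE; i++) {
        h ^= sector[i];
        h *= 16777619u;
    }
    return h;
}

/* Compares a freshly read sector 0 against a trusted baseline image, byte for byte. */
enum mbr_status mbr_check(const uint8_t *sector, const uint8_t *baseline)
{
    if (!mbr_has_signature(sector))
        return MBR_BAD_SIGNATURE;
    if (memcmp(sector, baseline, MBR_CODE_SIZE) != 0)
        return MBR_CODE_CHANGED;
    if (memcmp(sector + MBR_PART_OFFSET, baseline + MBR_PART_OFFSET, 64) != 0)
        return MBR_TABLE_CHANGED;
    return MBR_OK;
}

/* Constructed sample MBR (not from a real disk): dummy boot code, one active
 * NTFS-type partition starting at LBA 2048 with 0x100000 sectors, valid signature. */
void build_sample_mbr(uint8_t *out)
{
    memset(out, 0, SECTOR_SIZE);
    for (size_t i = 0; i < MBR_CODE_SIZE; i++) out[i] = (uint8_t)(0x33 + i);
    uint8_t *e = out + MBR_PART_OFFSET;
    e[0] = 0x80;                                          /* active */
    e[4] = 0x07;                                          /* NTFS/exFAT type id */
    e[8] = 0x00; e[9] = 0x08; e[10] = 0x00; e[11] = 0x00; /* lba_first = 2048 */
    e[12] = 0x00; e[13] = 0x00; e[14] = 0x10; e[15] = 0x00; /* sectors = 0x100000 */
    out[MBR_SIG_OFFSET] = 0x55;
    out[MBR_SIG_OFFSET + 1] = 0xAA;
}

int main(void)
{
    uint8_t base[SECTOR_SIZE], live[SECTOR_SIZE];
    struct mbr_partition p;
    build_sample_mbr(base);
    mbr_parse_partition(base, 0, &p);
    printf("partition 0: active=%d type=0x%02x lba=%u sectors=%u fp=%08x\n",
           p.boot_flag == 0x80, p.type, p.lba_first, p.sectors, mbr_code_fingerprint(base));

    memcpy(live, base, SECTOR_SIZE);
    memset(live, 0x90, 64);                       /* simulate the loader being overwritten */
    printf("overwritten loader -> status %d\n", mbr_check(live, base));

    memcpy(live, base, SECTOR_SIZE);
    live[MBR_PART_OFFSET + 8] = 0x3F;             /* simulate lba_first moved from 2048 to 63 */
    live[MBR_PART_OFFSET + 9] = 0x00;
    printf("shifted partition offset -> status %d\n", mbr_check(live, base));
    return 0;
}
```

The caveat the post itself raises applies to any such check: if the sector is read through the disk stack of a machine where Guntior's IRP hooks are active, the read returns the clean copy and `mbr_check` reports `MBR_OK`. The live sector therefore has to be read from a trusted environment, for example after booting from known-clean external media, or through a path the hooked driver does not filter.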
Posted on: Mon, 17 Jun 2013 14:23:28 +0000
