Stephen Howe

Hi

Any comments on article
http://www.tech.co.uk/computing/inte...917&source=rss

Extract:
>>>>>>>>>>>
"For example we were last week analysing a series of banking Trojans which
infect the user's PC when they surf a web page by using exploits. And what
it does is it writes a modified boot sector to your hard disc.
"Now first of all, writing to the boot sector on a hard drive from within
Windows is supposed to be absolutely impossible, but that's what it does.
And it replaces the very first sector on your hard drive with a modified
version.
So next time you reboot the computer the very first thing you run - before
Windows - is the malware. It loads itself into the memory and then continues
to boot the machine normally.
>>>>>>>>>>>

That seems bad news if true.
But there is no detail on what browser, version of Windows or whether MS has
patches or anything.

Cheers

Stephen Howe

VanguardLH

"Stephen Howe" <sjhoweATdialDOTpipexDOTcom> wrote in message
news:ILOdncMkdKU3zUTanZ2dneKdnZydnZ2d@pipex.net...
> Hi
>
> Any comments on article
> http://www.tech.co.uk/computing/inte...917&source=rss
>
> Extract:
>>>>>>>>>>>>
> "For example we were last week analysing a series of banking Trojans
> which infect the user's PC when they surf a web page by using
> exploits. And what it does is it writes a modified boot sector to
> your hard disc.
> "Now first of all, writing to the boot sector on a hard drive from
> within Windows is supposed to be absolutely impossible, but that's
> what it does. And it replaces the very first sector on your hard
> drive with a modified version.
> So next time you reboot the computer the very first thing you run -
> before Windows - is the malware. It loads itself into the memory and
> then continues to boot the machine normally.
>>>>>>>>>>>>
>
> That seems bad news if true.
> But there is no detail on what browser, version of Windows or
> whether MS has patches or anything.


Oooh, that an infected host is not secure, gee, yeah, like that's some
ground-breaking news, for sure, uh huh. The author just wake up from
a 20-year coma?

David H. Lipman

From: "Stephen Howe" <sjhoweATdialDOTpipexDOTcom>

| Hi
|
| Any comments on article
| http://www.tech.co.uk/computing/inte...917&source=rss
|
| Extract:
>>>>>>>>>>>>
| "For example we were last week analysing a series of banking Trojans which
| infect the user's PC when they surf a web page by using exploits. And what
| it does is it writes a modified boot sector to your hard disc.
| "Now first of all, writing to the boot sector on a hard drive from within
| Windows is supposed to be absolutely impossible, but that's what it does.
| And it replaces the very first sector on your hard drive with a modified
| version.
| So next time you reboot the computer the very first thing you run - before
| Windows - is the malware. It loads itself into the memory and then continues
| to boot the machine normally.
>>>>>>>>>>>>
| That seems bad news if true.
| But there is no detail on what browser, version of Windows or whether MS has
| patches or anything.
|
| Cheers
|
| Stephen Howe
|

It's true.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Stephen Howe

> Oooh, that an infected host is not secure, gee, yeah, like that's some
> ground-breaking news, for sure, uh huh. The author just wake up from a
> 20-year coma?

Nope. But a process being permitted to rewrite the boot sector for Windows
was a new one for me.
I had hoped that the newer versions Windows (XP, Vista) would not permit
this.

Stephen Howe

VanguardLH

"Stephen Howe" wrote in message
news:w7CdnTOtM-WlPEfanZ2dneKdnZydnZ2d@pipex.net...
>> Oooh, that an infected host is not secure, gee, yeah, like that's
>> some ground-breaking news, for sure, uh huh. The author just wake
>> up from a 20-year coma?
>
> Nope. But a process being permitted to rewrite the boot sector for
> Windows was a new one for me.
> I had hoped that the newer versions Windows (XP, Vista) would not
> permit this.


Boot sector viruses have been around for over a decade. Guess that
author has been in a coma for that long.

Stephen Howe

>> Nope. But a process being permitted to rewrite the boot sector for
>> Windows was a new one for me.
>> I had hoped that the newer versions Windows (XP, Vista) would not permit
>> this.
>
> Boot sector viruses have been around for over a decade. Guess that author
> has been in a coma for that long.

Nope. The viruses I knew of were in DOS/Win3.1/Windows 95 days when the boot
sector was not protected, anyone could write to it practically.
You would think that under Win32 proper, the boot sector would be
off-limits.
This speaks more to me about Windows security than my being in a coma.

Stephen Howe

Dustin Cook

"Stephen Howe" <sjhoweATdialDOTpipexDOTcom> wrote in
news:HbqdnU6unP4dEm_anZ2dnUVZ8h-dnZ2d@pipex.net:

>>> Nope. But a process being permitted to rewrite the boot sector for
>>> Windows was a new one for me.
>>> I had hoped that the newer versions Windows (XP, Vista) would not
>>> permit this.
>>
>> Boot sector viruses have been around for over a decade. Guess that
>> author has been in a coma for that long.
>
> Nope. The viruses I knew of were in DOS/Win3.1/Windows 95 days when
> the boot sector was not protected, anyone could write to it
> practically. You would think that under Win32 proper, the boot sector
> would be off-limits.

Why would it be off-limits? You might have a legitimate reason to want to
access it.


> This speaks more to me about Windows security than my being in a coma.

Really not fair to blame windows for someones misuse of a function withen
it.

That's akin to blaming notepad.exe for any porn pages it was used in
creating.


--
Regards,
Dustin Cook - http://bughunter.it-mate.co.uk
BugHunter v2.2e AntiMalware Removal Utility