Re: Handling boot viruses

From: Zvi Netiv (support_at_replace_with_domain.com)
Date: 06/09/04

• Next message: FromTheRafters: "Re: Handling boot viruses"
• Previous message: Parker: "Re: new virus (wuagmsd.exe)"
• In reply to: cquirke (MVP Win9x): "Re: Handling boot viruses"
• Next in thread: FromTheRafters: "Re: Handling boot viruses"
• Reply: FromTheRafters: "Re: Handling boot viruses"
• Reply: cquirke (MVP Win9x): "Re: Handling boot viruses"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Wed, 09 Jun 2004 18:19:44 +0300

"cquirke (MVP Win9x)" <cquirkenews@nospam.mvps.org> wrote:
> On Mon, 07 Jun 2004 18:15:06 +0300, Zvi Netiv
 
> >> >Boot code does not get transferred from HD to floppy during boot time, i.e. the
> >> >execution of the partition / boot sector loader. Such transfer takes place with
> >> >the OS as intermediary.
>
> >> I don't see how one can be categorical about that, assuming the boot
> >> code is running at all. It's perfectly positioned to write to
> >> diskette, running as it is before the OS loads.
>
> >No boot virus code from those that I disassembled contained routines that will
> >autonomously seek for a floppy to infect. Clearly, boot virus writers preferred
> >to concentrate on infecting the hard drive through their autonomous code.
>
> Nonetheless, the opportunity is there - so I wouldn't want to assume
> it won't happen, especially in the context of unknown malware.

No chance it can happen with the known BSI. Prove me wrong and bring one virus
name that will do that! Or perhaps you claim that someone may still write such
virus? ;-) What for?

--
NetZ Computing Ltd. ISRAEL www.invircible.com www.ivi.co.il (Hebrew)
InVircible Virus Defense Solutions, ResQ and Data Recovery Utilities

---

• Next message: FromTheRafters: "Re: Handling boot viruses"
• Previous message: Parker: "Re: new virus (wuagmsd.exe)"
• In reply to: cquirke (MVP Win9x): "Re: Handling boot viruses"
• Next in thread: FromTheRafters: "Re: Handling boot viruses"
• Reply: FromTheRafters: "Re: Handling boot viruses"
• Reply: cquirke (MVP Win9x): "Re: Handling boot viruses"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: computer virus usegroups ... New Virus Stealing Information from Computer Users ... You can infect ... attempt to download from a Russian website. ... Internet Explorer to protect users of its Internet Explorer browsers ... (sci.med.diseases.lyme) Re: Data Does Not Lie ... retroviruses in humans, chimps, and gorillas. ... infect germline cells and once ... It seems the only thing needed is for the virus to have ... (talk.origins) Remote Shell Trojan: Threat, Origin and the Solution ... At the 5th of September Qualys released a Security Warning regarding a Linux ... This virus was called the "Remote Shell Trojan" (RST) and it ... infect all binaries in /bin and the current working directory. ... (Incidents) Remote Shell Trojan: Threat, Origin and the Solution ... At the 5th of September Qualys released a Security Warning regarding a Linux ... This virus was called the "Remote Shell Trojan" (RST) and it ... infect all binaries in /bin and the current working directory. ... (Bugtraq) Re: Rumours about Apache 1.3.22 exploits -> analysis of so-called exploit client ... Does this "virus" only affect Linux hosts? ... while I don't think there is any way for this virus to infect any other ... Stop me if I'm wrong - but this thread was originally about apache exploits. ... > sure the port is 'open': If I would find which pid was causing the port ... (Vuln-Dev)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.security.virus  > 2004-06