Re: Forensic level hard drive tools?
- From: "Kerry Brown" <kerry@xxxxxxxxxxxxxxxxxxx*a*m>
- Date: Thu, 20 Apr 2006 12:11:59 -0700
It is theoretically possible for a virus to update the firmware on a hard
drive so that the area of the drive where the virus exists can't be read by
Windows. It's unlikely because, to the best of my knowledge, each manufacturer
and probably most models would need custom code to do this. The virus would
only work on drives that it knew about, which would severely limit how the
virus spreads. A more likely scenario is that an already compromised computer
is accessed remotely and then the drive firmware is updated. Although this is
slightly more likely, even this probably wouldn't be done. It would be much
easier to just install a rootkit once you had remote access. So, yes, it's
possible. Is it likely? Probably not, but who knows. Malware is getting very
creative.
--
Kerry
MS-MVP Windows - Shell/User
Gregg Hill wrote:
Hello!
I have heard that some virus writers are now able to write their
files into a part of the hard drive that antivirus software cannot
detect. It is supposedly the part of the drive where the
manufacturers store their information. Even reformatting the drive
does not get rid of the infection.
Are these claims even true? If so, do you know of any utilities to
detect and/or repair this type of virus or Trojan infection?
Thank you!
Gregg M. Hill