In 2005 Derek Soeder and Ryan Permeh, researchers from eEye Digital Security, presented eEye BootRoot. The technique used in their project was not new and had been popular in DOS times, but they were the first to use it successfully in a Windows NT environment. The eEye Digital Security researchers skipped one part: BootRoot did not hide the real content of the affected sectors, as the old DOS stealth MBR viruses did, because it had only been created to demonstrate a possible way to compromise a Windows NT OS.
Unfortunately, the whole Windows NT family (including Vista) still has the same security flaw: the MBR can be modified from user mode. Microsoft did block write access to disk sectors from userland code on Vista after the pagefile attack; however, the first sectors of the disk are still unprotected!
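Because the first sectors of the disk can be rewritten, a defender's practical counter is to baseline the MBR and re-check it. The following is an added example (not code from the page, from eEye, or from any of the tools it mentions) that parses a 512-byte MBR using its standard layout (446 bytes of boot code, a 64-byte partition table of four 16-byte entries, and the 0x55AA boot signature), hashes the boot-code region, and compares it against a previously recorded baseline. The sample MBR, the function names, and the baseline value are constructed for illustration; `read_mbr` is the only piece that would touch a real disk or image, and it is not called here.

```python
import hashlib
import struct

SECTOR_SIZE = 512
PARTITION_TABLE_OFFSET = 446      # boot code occupies bytes 0..445
BOOT_SIGNATURE = b"\x55\xAA"      # bytes 510..511 of a valid MBR
ENTRY_FMT = "<B3sB3sII"           # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Construct a synthetic MBR (constructed sample, not taken from any real disk)."""
    code = boot_code.ljust(PARTITION_TABLE_OFFSET, b"\x00")[:PARTITION_TABLE_OFFSET]
    # One active NTFS-type (0x07) partition starting at LBA 2048, 204800 sectors long.
    entry = struct.pack(ENTRY_FMT, 0x80, b"\x01\x01\x00", 0x07, b"\xFE\xFF\xFF", 2048, 204800)
    table = entry + b"\x00" * (64 - len(entry))  # remaining three entries empty
    return code + table + BOOT_SIGNATURE


def read_mbr(path: str) -> bytes:
    """Read the first sector from a raw device or disk image (e.g. r'\\.\PhysicalDrive0' or 'disk.img')."""
    with open(path, "rb") as f:
        return f.read(SECTOR_SIZE)


def parse_mbr(sector: bytes) -> dict:
    """Split an MBR into its boot code hash, partition entries and signature check."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly %d bytes" % SECTOR_SIZE)
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * i
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
            ENTRY_FMT, sector[off:off + 16])
        if ptype != 0:  # type 0 means the slot is unused
            partitions.append({
                "index": i,
                "bootable": status == 0x80,
                "type": ptype,
                "lba_start": lba_start,
                "sectors": sectors,
            })
    return {
        "valid_signature": sector[510:512] == BOOT_SIGNATURE,
        "boot_code_sha256": hashlib.sha256(sector[:PARTITION_TABLE_OFFSET]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr_integrity(sector: bytes, baseline_boot_code_sha256: str) -> list:
    """Return a list of findings; an empty list means the MBR matches the recorded baseline."""
    info = parse_mbr(sector)
    findings = []
    if not info["valid_signature"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != baseline_boot_code_sha256:
        findings.append("boot code differs from baseline")
    if not any(p["bootable"] for p in info["partitions"]):
        findings.append("no active partition")
    return findings


if __name__ == "__main__":
    # Constructed boot code stub: a JMP followed by a NOP, as many real MBRs start.
    clean = build_sample_mbr(b"\xEB\x3C\x90")
    baseline = parse_mbr(clean)["boot_code_sha256"]   # record this at install time
    print("clean MBR findings:", check_mbr_integrity(clean, baseline))

    tampered = bytearray(clean)
    tampered[0:4] = b"\xDE\xAD\xBE\xEF"                # simulate overwritten boot code
    print("tampered MBR findings:", check_mbr_integrity(bytes(tampered), baseline))
```

The baseline hash covers only the 446-byte boot-code region, so legitimate partition-table edits (resizing, adding a volume) do not raise a false alarm while any change to the code that runs before the OS loader does. Store the baseline somewhere the machine being checked cannot rewrite it, and read the sector from a trusted context (offline image or boot media) when a stealth technique like the DOS-era sector hiding described above is suspected, since a rootkit that filters sector reads can return the original bytes to a live system.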
Keywords: Malware, Trojan, Rootkits, MBR, DOS, Windows, Windows Vista, Windows XP, Windows NT, Security, Threat