Microsoft virtual miniport adapter + vulnerability

Bootkit threats have always been a powerful weapon in the hands of cybercriminals, allowing them to establish a persistent and stealthy presence in their victims' systems. The most recent notable spike in bootkit infections was associated with attacks on 64-bit versions of the Microsoft Windows platform, which restrict the loading of unsigned kernel-mode drivers. However, these bootkits are not effective against UEFI-based platforms. So, are UEFI-based machines immune against bootkit threats (or would they be)?

The aim of this presentation is to show how bootkit threats have evolved over time and what we should expect in the near future. First, we will summarize what we have learned about the bootkits seen in the wild targeting the Microsoft Windows platform: from TDL4 and Rovnix (the one used by the Carberp banking trojan) up to Gapz (which employs one of the stealthiest bootkit infection techniques seen so far). We will review their infection approaches and the methods they have employed to evade detection and removal from the system. Secondly, we will look at the security of the increasingly popular UEFI platform from the point of view of the bootkit author, as UEFI becomes a target of choice for researchers in offensive security. Proof-of-concept bootkits targeting Windows 8 using UEFI have already been released. We will focus on various attack vectors against UEFI and discuss the available tools and what measures should be taken to mitigate them.

The first IBM-PC-compatible boot sector viruses from 1987 used the same concepts and approaches as modern threats, infecting boot loaders so that the malicious code was launched even before the operating system was booted. In fact, attacks on the PC boot sector were already known from (and even before) the days of MS-DOS, and these have a part to play in our understanding of how approaches to taking over a system by compromising and hijacking the boot process developed. The first microcomputer to have been affected by viral software seems to have been the Apple II. At that time, Apple II diskettes usually contained the disk operating system. Around 1981, there were already versions of a 'viral' DOS reported at Texas A&M. In general, though, the 'credit' for the 'first' Apple II virus is given to Rich Skrenta's Elk Cloner (1982–3). Although Elk Cloner preceded PC boot sector viruses by several years, its method of boot sector infection was very similar: it modified the loaded OS by hooking itself into it, and stayed resident in RAM in order to infect other floppies, intercepting disk accesses and overwriting their system boot sectors with its own code.