Hacker Timesnew | past | comments | ask | show | jobs | submitlogin

Check the boot sector. If I need to spoon feed you, then you shouldn't be running code you don't understand, noob.


As I carefully explained, the boot sector was completely unchanged. However, I'm sure we would all deeply appreciate a link or two to your undoubtedly significant body of work on the web. The way you boldly buck mainstream orthodoxy by replacing the familiar "rootkit" with "root-kit", along with the vigorous application of name calling instead of salient facts, points to a mind unfettered by mere convention. Before tearing myself away from this enlightening discussion, a final word: having registered with this site a mere 4 hours ago, it is perhaps a tad imprudent of you to be wielding the "noob" monicker so injudiciously.


> the boot sector was completely unchanged

perhaps it installs "blue pill."


perhaps it installs "blue pill."

Blue Pill doesn't run under Intel Celeron, older Pentium Dual-Core, or Pentium M processors (which lack the necessary VT technology), so if such a payload were included, it wouldn't load on my test system.

For those who want to test it, here are some ideas on blocking and detecting Blue Pill-like infections:

http://northsecuritylabs.blogspot.com/2008/06/catching-blue-...

More information:

http://en.wikipedia.org/wiki/Blue_Pill_(malware) http://en.wikipedia.org/wiki/Intel_VT


It is conceivable that a Blue Pill-like rootkit could be implemented purely in software, in a manner similar to the pre-hypervisor VMWare.


It is conceivable that a Blue Pill-like rootkit could be implemented purely in software

My only concern was searching for persistent infections.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: