Windows Pre-Boot Malware Puts Financial Industry At Risk

Status
Not open for further replies.
"FireEye suggested that re-installing the operating system is no longer a sufficient method of getting rid of certain types of malware. The solution against this type of threat is to use tools that can access and search raw disks at scale for evidence of bootkits, or the disks should be physically wiped before installing the operating system."

Who would ever just reinstall the OS thinking that would take care of any virus, especially one buried deep in the MBR? Paying money for a good anti-virus and anti-malware program is worth it for us users who care about our personal data protection.

Of course, the corporate bean counters do not see the budget of their IT departments as high priority. Used to drive me nuts when I worked in one. Talk about having a hand tied behind your back when employees would constantly complain about slow computers and whatnot.
 

Alec Mowat

Honorable
Jan 8, 2014
Who would ever just reinstall the OS thinking that would take care of any virus, especially one buried deep in the MBR? Paying money for a good anti-virus and anti-malware program is worth it for us users who care about our personal data protection.
Most people.

Most people won't even update their Windows from 7 to 10 because they're afraid it's not compatible with ancient software programs.
 

DrakeFS

Reputable
Aug 11, 2014
Most people.

Most people won't even update their Windows from 7 to 10 because they're afraid it's not compatible with ancient software programs.
This is more about enterprise PCs and not personal PCs. I could care less if a family member, friend, random stranger, etc. got this virus. However, I would like to know what financial company does not have a wipe as part of the image process... that way I know what financial company to avoid.
 

mrjhh

Distinguished
Sep 18, 2007
I doubt that the GPT limitation will last long. Secure Boot isn't a panacea; the firmware can also be replaced with interesting code in the ACPI code running at the highest trust level, whether it's UEFI or BIOS. While UEFI is required for Secure Boot, there isn't much to prevent bad firmware from being installed with just Secure Boot. A TPM can provide more security, but almost nothing has a TPM installed. But even that requires external verification of TPM signatures, and that external verification becomes the next weak link in the chain. But a TPM doesn't prevent installation of buggy firmware or OS; it only verifies that the expected firmware/OS is installed. When new firmware/OS is approved and installed, the old signatures have to be removed to prevent the old/buggy firmware/OS from being allowed.
 

warezme

Distinguished
Dec 18, 2006
Most people.

Most people won't even update their Windows from 7 to 10 because they're afraid it's not compatible with ancient software programs.
That's where you would be mistaken. Up until a week or so ago, the Enterprise version of the Symantec antivirus suite was not compatible with Windows 10. Some specialty, very necessary educational programs like Examsoft took a long time to become compatible, causing students who updated right away or bought a new laptop to have to blue-book early exams. These are all examples of current software, and I'm sure there are many such examples in the corporate world.

Sure, if all people do is the internet and Facebook, then Windows 10 is no problem.
 

jimmysmitty

Champion
Moderator


A proper reinstall deletes the old MBR and re-partitions the HDD anyway. That is how I do my "clean" installs. Any other way is not a "clean" install.

 

Alex Atkin UK

Honorable
Jun 11, 2012
So wouldn't formatting fix this?
Possibly not, because formatting would not necessarily wipe out the MBR or the hidden partition the malware has created.

Of course, if you wiped the whole drive and switched to a GPT partition scheme, that would wipe it and prevent reinfection. Not sure how easy that is to do from the Windows installer though; I always use a Linux LiveCD/USB for partitioning.
 

Quixit

Reputable
Dec 22, 2014
So wouldn't formatting fix this?
Possibly not, because formatting would not necessarily wipe out the MBR or the hidden partition the malware has created.

Of course, if you wiped the whole drive and switched to a GPT partition scheme, that would wipe it and prevent reinfection. Not sure how easy that is to do from the Windows installer though; I always use a Linux LiveCD/USB for partitioning.
Yes, formatting doesn't touch the MBR. The current Windows installer has full-featured partitioning, including resizing existing partitions and changing partition tables to GPT, so that wouldn't be a problem.
 
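As an added illustration of the point made in the last two posts (a format leaves sector 0 alone, and a bootkit can live in space the partition table does not cover), here is a small raw-disk check of the kind the quoted FireEye advice calls for. It is not code from the thread or from FireEye; the sample MBR, its partition layout and the "known-good" boot code hash are all constructed for the example.

```python
import hashlib
import struct

SECTOR = 512
MBR_SIGNATURE = b"\x55\xaa"
# Constructed stand-in for a vendor's boot code; a real baseline would hold the
# SHA-256 of the first 446 bytes of a freshly imaged, trusted disk.
GOOD_BOOT = b"\x33\xc0\x8e\xd0\xbc\x00\x7c"
KNOWN_BOOT_HASHES = {hashlib.sha256(GOOD_BOOT.ljust(446, b"\x00")).hexdigest()}

def parse_mbr(sector0: bytes) -> dict:
    """Split a classic MBR into boot code hash, partition entries and signature."""
    if len(sector0) < SECTOR:
        raise ValueError("need at least one 512-byte sector")
    parts = []
    for i in range(4):
        # entry layout: status, CHS start (3 bytes), type, CHS end (3 bytes), LBA, count
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector0, 446 + 16 * i)
        if ptype == 0 and count == 0:
            continue  # empty slot
        parts.append({"bootable": status == 0x80, "type": ptype, "start": lba, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector0[:446]).hexdigest(),
        "signature_ok": sector0[510:512] == MBR_SIGNATURE,
        "partitions": parts,
    }

def unallocated_gaps(partitions, total_sectors=None):
    """(start, length) spans no partition claims: the MBR gap and inter-partition slack."""
    gaps, cursor = [], 1  # sector 0 is the MBR itself
    for p in sorted(partitions, key=lambda p: p["start"]):
        if p["start"] > cursor:
            gaps.append((cursor, p["start"] - cursor))
        cursor = max(cursor, p["start"] + p["sectors"])
    if total_sectors and total_sectors > cursor:
        gaps.append((cursor, total_sectors - cursor))
    return gaps

def assess(sector0: bytes, known_boot_hashes, total_sectors=None) -> list:
    """Findings worth a closer look; an empty list means nothing unusual in sector 0."""
    info = parse_mbr(sector0)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] not in known_boot_hashes:
        findings.append("boot code does not match any known-good image")
    for start, length in unallocated_gaps(info["partitions"], total_sectors):
        findings.append(f"unallocated span of {length} sectors at LBA {start}")
    return findings

def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed test disk: bootable NTFS at LBA 2048, Linux at 204800, slack between."""
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    struct.pack_into("<B3xB3xII", mbr, 446, 0x80, 0x07, 2048, 100000)
    struct.pack_into("<B3xB3xII", mbr, 462, 0x00, 0x83, 204800, 50000)
    mbr[510:512] = MBR_SIGNATURE
    return bytes(mbr)
```

On a real host the input would be the first 512 bytes read from the raw device (or a disk image), and any span the scan reports would be dumped and compared against the same span on a trusted image.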