My power over you
grows stronger yet
(с) Andrew Lloyd Webber – Phantom Of The Opera
In the ongoing battle between malware and anti-malware technologies, there’s an interesting game that keeps getting played over and over – king of the castle.
The rules are simple: the winner is the one who loads itself into the computer memory first, seizes control of the ‘levers’, and protects itself from other applications. And from the top of the castle you can calmly survey all around and guard the order in the system (or, if you’re malicious, on the contrary – you can cause chaos, which goes both unnoticed and unpunished).
In short, the winner takes all, i.e., control over the computer.
And the list of applications wanting to do the boot process first begins with (as the name might suggest) the boot sector – a special section of the disk that stores all the instructions for what, when and where to load. And, terror of terrors, even the operating system sticks to this list! No wonder cybercriminals have long taken an unhealthy interest in this sector, since abusing it is the ideal way to get first out of the blocks while completely hiding the fact that the computer is infected. And the cybercriminals are helped in this by a particular class of malware – bootkits.
How your computer loads
To find out what bootkits are and how we protect you against them – read on…