
Would there possibly be a virus that attacks the GUID Partition in future?

Started ‎11-30-2011 by
Modified ‎11-30-2011 by

Question

Previously there were boot sector viruses that affected the Master Boot Record. Once infected, your computer cannot boot correctly.

 

Would there be any such viruses that attack the GUID partition in the near future? Are our system boards currently equipped to handle such attacks? An option for Virus Protection in the BIOS was available in the past.

Would such attacks cause damage to the system board? 

Answer

Most of the malware we see today involving the Master Boot Record is in the form of bootkits, a specialized kind of rootkit that attacks the Master Boot Record or the Volume Boot Record which follows it on a disk. It is rare to see an actual MBR virus these days, although the vector is making a comeback for other attacks, mostly to get around things like code-signing under 64-bit versions of Microsoft Windows.

 

A GPT actually starts with a Master Boot Record for legacy compatibility, so an attacker would probably just need to make sure they took the GPT's presence into consideration, so as not to accidentally overwrite any of it.  An attacker could also create a new partition via the GPT in order to store the attack code that they did not want to store on the other partition(s) on the computer.

 

Microsoft has proposed implementing UEFI Secure Boot on new computers sold with Windows 8 to increase protection against these types of attacks.


Most attacks on hardware center around the BIOS. There was a virus for Windows 95 called Win95/CIH which overwrote some BIOSes on motherboards as part of the damage it did to systems, but as far as I know, it is extinct. More recently, a trojan called Mebromi has appeared which adds a module to the BIOS to further spread the infection. Recovery in either case would involve re-writing the BIOS with a clean copy.
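Added example (not part of the original answer): a defender-side check of the protective MBR and GPT described above, run against a raw disk image. The function names, the 512-byte sector size and the constructed 4-slot sample image are assumptions made for illustration.

```python
import hashlib, struct, uuid, zlib

SECTOR = 512  # assumption: 512-byte logical sectors

def inspect_gpt(img: bytes) -> dict:
    """Check LBA 0 (protective MBR) and LBA 1 (GPT header) of a raw disk image."""
    findings, parts = [], []
    mbr, hdr = img[:SECTOR], img[SECTOR:2 * SECTOR]
    # Protective MBR: 0x55AA signature and exactly one entry, of type 0xEE.
    if mbr[510:512] != b"\x55\xaa":
        findings.append("MBR signature missing")
    if sorted(mbr[446 + 16 * i + 4] for i in range(4)) != [0, 0, 0, 0xEE]:
        findings.append("MBR is not a plain protective MBR")
    # Hash of the boot-code area, for comparison with a known-good baseline.
    boot_hash = hashlib.sha256(mbr[:440]).hexdigest()
    if hdr[:8] != b"EFI PART":
        return {"findings": findings + ["GPT signature missing"],
                "boot_code_sha256": boot_hash, "partitions": parts}
    size, crc = struct.unpack_from("<II", hdr, 12)
    # The header CRC32 is computed with its own field (offset 16) zeroed.
    if zlib.crc32(hdr[:16] + bytes(4) + hdr[20:size]) != crc:
        findings.append("GPT header CRC mismatch")
    (lba,) = struct.unpack_from("<Q", hdr, 72)
    count, esize, arr_crc = struct.unpack_from("<III", hdr, 80)
    arr = img[lba * SECTOR: lba * SECTOR + count * esize]
    if zlib.crc32(arr) != arr_crc:
        findings.append("partition array CRC mismatch")
    for i in range(count):
        e = arr[i * esize:(i + 1) * esize]
        if len(e) == esize and e[:16] != bytes(16):  # all-zero type GUID = unused slot
            first, last = struct.unpack_from("<QQ", e, 32)
            parts.append((str(uuid.UUID(bytes_le=e[:16])), first, last))
    return {"findings": findings, "boot_code_sha256": boot_hash, "partitions": parts}

def build_sample(extra_partition: bool = False) -> bytes:
    """Constructed 3-sector, 4-slot GPT image for the demo; not data from a real disk."""
    esp = uuid.UUID("c12a7328-f81f-11d2-ba4b-00a0c93ec93b").bytes_le  # EFI System
    data = uuid.UUID("ebd0a0a2-b9e5-4433-87c0-68b6b72699c7").bytes_le  # basic data
    def entry(t, a, b):  # type GUID, zeroed unique GUID, first LBA, last LBA
        return (t + bytes(16) + struct.pack("<QQ", a, b)).ljust(128, b"\0")
    arr = entry(esp, 34, 1000) + (entry(data, 1001, 2000) if extra_partition else bytes(128))
    arr = arr.ljust(4 * 128, b"\0")
    mbr = bytearray(SECTOR)
    mbr[446 + 4] = 0xEE            # single protective entry
    mbr[510:512] = b"\x55\xaa"
    hdr = bytearray(struct.pack("<8sIIIIQQQQ16sQIII", b"EFI PART", 0x10000, 92, 0, 0,
                                1, 2047, 34, 2014, bytes(16), 2, 4, 128, zlib.crc32(arr)))
    struct.pack_into("<I", hdr, 16, zlib.crc32(bytes(hdr)))
    return bytes(mbr) + bytes(hdr).ljust(SECTOR, b"\0") + arr
```

The CRC32 fields only catch corruption or careless writes, since anything that rewrites the table can recompute them. The useful signals are the boot-code hash and the partition list compared against values recorded while the disk was known to be clean.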