English Community

Software and Operating SystemSecurity & Malware
All Forum Topics
Options

1492 Posts

05-29-2010

SG

2876 Signins

58997 Page Views

  • Posts: 1492
  • Registered: ‎05-29-2010
  • Location: SG
  • Views: 58997
  • Message 1 of 3

Would there possibly be GPT virus in the near future? [malware event]

2011-11-28, 5:57 AM

Hi all

In the past, there are Boot sector virus that affects Master Boot Record and prevent your computer from booting correctly. 

 

Would there possibly be any GPT virus in the near future? and does our current system board provides this kind of protection? (In the past, there is an option for Virus Protection in the BIOS)

 

Would this kind of threats causes damage to the system board?

Please advise :D

Cheers :smileyvery-happy:

Peter
(Current: W520 4284-A99) (Refunded: W510 4876-A11)

=============================================
Does someone’s post help you? Give them kudos as a reward, as they will do better to improve :smileyvery-happy:

Mark it as solved if the solution works for you, so it could be reference for others in the future :smileyvery-happy:

 

Dolby Home Theater v4 (ThinkMix V2)!

http://forums.lenovo.com/t5/W-Series-ThinkPad-Lapt​ops/W520-Sound-Enhancement-Thread/m-p/451401#M155... 

Solved! See the solution
Reply
Options

3745 Posts

12-02-2007

US

9015 Signins

187558 Page Views

  • Posts: 3745
  • Registered: ‎12-02-2007
  • Location: US
  • Views: 187558
  • Message 2 of 3

Re: Would there possibly be GPT virus in the near future?

2011-11-28, 9:12 AM

Hello,

 

Most of the malware we see involving the Master Boot Record these days is in the form of bootkits, which is a specialized kind of rootkit that attacks the Master Boot Record or the Volume Boot Record which follows it on a disk.  It is rare to see an actual MBR virus these days, although the vector is making a comeback for other attacks, mostly to get around things like code-signing under 64-bit versions of Microsoft Windows.

 

A GPT actually starts with a Master Boot Record for legacy compatibility, so an attacker would probably just need to make sure they took the GPT's presence into consideration, so as not to accidentally overwrite any of it.  I suppose an attacker could also create a new partition via the GPT in order to store attack code that they did not want to store on the other partition(s) on the computer.

 

Microsoft has proposed implementing UEFI Secure Boot on new computers sold with Windows 8 to increase protection against these types of attacks.

 

Questions about system boards I am going to leave to Lenovo, as they are going to be more familiar with those than I. 

 

As far as attacks on hardware goes, most of those would center around the BIOS, I suppose.  There was a virus for Windows 95 called Win95/CIH which overwrote some BIOSes on motherboards as part of the damage it did to systems, but as far as I know, it is extinct.  More recently, a trojan called Mebromi has appeared which adds a module to the BIOS to further spread the infection.  Recovery in either case would involve re-writing the BIOS with a clean copy.

 

Regards,

 

Aryeh Goretsky

 



I am a volunteer and neither a Lenovo nor a Microsoft employee.

L380 YogaP72 (20MB-*)P50 (20EN-*)S230u (3347-4HU)T23 (2648-LU7)T42 (2378-R4U)T43p (2678-H7U)T61p (6459-CTO)W510 (4318-CTO)W530 (2441-4R3)W530 (2441-4R3)X100e (3508-CTO)X120e (0596-CTO)X220 (4286-CTO)X250 (20CM-*)Yoga 370

  Communities:   English    Deutsche    Español    Português    Русскоязычное    Česká    Slovenská    Українська   Język Polski    Moto English


Need an answer, fast? Try using Browser Search to find it in the Lenovo and Moto Community

0 person found this solution to be helpful.

This helped me too

Reply
Options

14 Posts

11-03-2011

United States

15 Signins

295 Page Views

  • Posts: 14
  • Registered: ‎11-03-2011
  • Location: United States
  • Views: 295
  • Message 3 of 3

Re: Would there possibly be GPT virus in the near future?

2011-12-01, 21:05 PM
You had asked:
"Would there possibly be any GPT virus in the near future?"

...and I'm afraid, the future is now. ESET has a nice blog posting that describes it well.

The GPT virus is not only possible, it's now a reality that we have been dealing with most recently. What protection is available? Keep your system and software up to date, keep an antivirus product on board, and avoid peer to peer and bootlegged software.
Microsoft MVP - Consumer Security
Member of Alliance of Security Analysis Professionals
SpywareHammer
Reply
Forum Home

Community Guidelines

Please review our Guidelines before posting.

Learn More

Check out current deals!

Go Shop
X

Save

X

Delete