As if rootkits weren’t enough of a pain to identify, we may be seeing the introduction of a new piece of malware. Called the bootkit, it has many of the traditional features you would find in a rootkit, only that it loads itself inside of a computer’s boot sector. This means that a computer will already be completely compromised before the operating system even loads up. Thankfully, it only affects Vista at the moment, but I wouldn’t be surprised if this changes in the not-too-distant future.

Federico Biancuzzi interviews Nitin and Vipin Kumar, authors of VBootkit, a rootkit that is able to load from Windows Vista boot-sectors. They discuss the “features” of their code, the support of the various versions of Vista, the possibility to place it inside the BIOS (it needs around 1500 bytes), and the chance to use it to bypass Vista’s product activation or avoid DRM.

Could you introduce yourself?

Nitin Kumar: I am a 23 years old graduate from India. I am passionate about computers. The best part about me is that I never give up something till I give a try to it. I like coding in C and asm. I like Reverse Engineering. In free time I usually pick up something and try to understand that. Vista is new and have many new security features, so we thought of creating something for Vista.[more]

Tags: Malware