2 min read

New Bitdefender Tool Allows Bootkit Disinfection

Bogdan BOTEZATU

December 21, 2011

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
New Bitdefender Tool Allows Bootkit Disinfection

It goes without saying that bootkit infection can dramatically impact users`security. Bootkit removal is extremely delicate, as bootkits live outside the file system and can manipulate security checks by returning a copy of the pristine master boot record whenever an antivirus or forensic utility is run atop of the compromised OS.

That is why we developed a tool that can detect and remove all known variants of bootkits. The tool is available for free on the Malware City Downloads section and can be used on both 32- and 64-bits of Windows.

Download the Bootkit Removal Tool

Bootkits, rootkits – what is all this about?

Rootkits are specially crafted to hide the presence of other files or processes on the system by manipulating normal methods of detection. Since kernel-mode drivers run with higher privileges on the compromised system, they are also used to allow regular malware access to critical areas of the operating system.

Although extremely powerful, rootkits have limitations. One is the fact that security measures on 64-bit operating systems prevent them from installing themselves unless they have a valid digital signature. In short, upon the early stages of the operating system initialization, security checks filters benign (i.e. antivirus defense mechanisms) and malicious rootkits and stops the latter from infecting 64-bit machines.

The bootkit a rootkit on steroids

Here is where bootkits get into the spotlight. Bootkits are special rootkits that load their code from a special area of the system, known as the Master Boot Record, that gets full control right after the BIOS has delegated the appropriate boot device. The MBR is responsible for initializing the operating system loader, which would subsequently load the kernel that checks whether a 64-bit kernel-mode driver is digitally signed. If it`s not, it is prevented from loading, blocking the rootkit infection at a very early stage. However, if the MBR gets compromised, the bootkit is able to patch the kernel digital signature validation checks, the final barrier that would prevent an unauthorized kernel-mode rootkit from loading. This is the case with the notorious TDL-4 rootkit that can easily compromise 32- and 64-bit of operating systems alike.

All your data are belong“to us

Full HDD encryption has been touted as the de-facto norm for safely storing highly sensitive information, such as sales reports, intellectual property, prototypes and other critical assets of a business. However, most HDD decryption modules are stored unencrypted in the master Boot Record area, which means that all the data stored on the affected disk can be transparently decrypted by the rootkit.

This tool is available courtesy of the Bitdefender Antirootkit Team.

tags


Author



Right now

Top posts

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

August 30, 2022

2 min read
What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Prison for ex-eBay staff who aggressively cyberstalked company's critics with Craigslist sex party ads and funeral wreaths Prison for ex-eBay staff who aggressively cyberstalked company's critics with Craigslist sex party ads and funeral wreaths
Graham CLULEY

September 30, 2022

2 min read
Honolulu Man Sabotaged Former Employer’s Network and Business Using Still-Active Credentials Honolulu Man Sabotaged Former Employer’s Network and Business Using Still-Active Credentials
Silviu STAHIE

September 30, 2022

1 min read
North Korean Gang Uses Compromised Open Source Software to Distribute Malware, Researchers Find North Korean Gang Uses Compromised Open Source Software to Distribute Malware, Researchers Find
Silviu STAHIE

September 30, 2022

1 min read