Please use this identifier to cite or link to this item: http://hdl.handle.net/123456789/2343
Title: Bootkit Malware
Authors: Chaubey, Adityaa
Khanna, Mohit
Khan, Ruman
Dargan, Yashika
Keywords: Computer Science
Software Engineering
Malicious Software
Virus
Issue Date: May-2016
Publisher: UPES
Abstract: Malware is an abbreviated term meaning “malicious software.” It is software specifically designed to gain access to or damage a computer without the knowledge of the owner. As all kinds of defensive and detection software effectively protect information systems from being destroyed by malware, malware becomes more and more advanced too. Current malware continues to penetrate into the lowest layers of the computer system. The Boot-kit is the newest research product. A Boot-kit is a boot virus that is able to hook and patch the operating system to get loaded into the kernel, thus gaining unrestricted access to the entire computer. It is even able to bypass full volume encryption, because the Master Boot Record is not encrypted. In other words, Boot-kits are an advanced form of rootkit that take the basic functionality of a rootkit and extend it with the ability to infect the master boot record (MBR) or volume boot record (VBR) so that the Boot-kit remains active even after a system reboot. A Boot-kit has a strong ability to stay hidden and resists most detection tools, which is fatal to information security in many ways. In order to research how to detect Boot-kits, we have to understand their working mechanism. First, the research history and current state of Boot-kits are introduced. Next, several important technologies related to Boot-kits are described in detail. Further, the booting process of a computer system is analyzed. Then the working mechanism of Boot-kits is presented comprehensively across three categories of Boot-kit.
URI: http://hdl.handle.net/123456789/2343
Appears in Collections: Under Graduate

Files in This Item:
File: 500030709.pdf
Size: 1.41 MB
Format: Adobe PDF


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.