davePremium,MVM
join:2000-05-04
not in ohio
kudos:8 | reply to SweetNoob
Re: Possible for malware to covertly hide on harddrive sector Bits on a disk can't magically turn into running code. Some already-running code has to read those bits into memory and then execute the bits is has read it.
This means malware has to insinuate itself into somewhere that's going to get executed. The master boot record is one such place. The OS kernel file is another. Any frequently-executed program is yet another. However, the point is that simply being on the disk doesn't do a thing.
And whether it survives a "reformatting" depends on what that reformatting actually does. Certainly the malware bits will no longer be in any file in the OS's file system. If "reformatting" writes to any disk block then the malware bits aren't there either.
There might be some funky stuff possible with the host-protected-area (HAP), which logically doesn't exist as far as the OS is concerned. But the code still has to get executed somehow, so there would need to be a BIOS tie-in. Or at least the OS would need to be compromised by adding a loader program that would load the malware from the HPA. |
|
| said by dave:And whether it survives a "reformatting" depends on what that reformatting actually does.
Also what OP means by "reformatting". Such as, dropping any/all partitions, if any, first and not just format C:/system with existing partitions (if any) still in place. I assume OP means the second but pointing that out in case.
-Jim |
|
