Thanks for the links. The MBR replacement scheme looks really scary to me. I’m not sure how you deal with that.
And the TED video was quite good. If you watched closely you would have heard him say that they can now embed malware in a .jpg. Click on the .jpg and infect your computer. Yikes.
I like TED despite its obvious leftist tilt. Very professionally done. Actually a valuable resource.
NOBODY seems to know what to do or how to deal with this particular kind of thing. (Perhaps some more knowledgeable person on this thread might know a bit more...)
I found that paucity of follow-up information a little disturbing. The key verbiage from that website I thought was this:
The rootkit stores data that's required to survive reboots in physical sectors instead of files. This means that the data, including the real payload, is not visible or in any way accessible to normal applications. Therefore the rootkit does not have to hook the normal set of interfaces to keep them hidden.
The MBR is the rootkit's launch point. Therefore it doesn't need to make any registry changes or to modify any existing startup executables in order to launch itself. This means that the only hooks it needs to make are used to hide and protect the modified MBR.
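The quoted passage says the rootkit's only persistent foothold is the modified MBR itself, so the defender's check is to compare the raw sector 0 against a known-good baseline rather than look for files or registry keys. The following is an added example written for this thread, not code from the quoted article: it parses the 512-byte MBR layout (446 bytes of bootstrap code, four 16-byte partition entries, the 0x55AA signature), records SHA-256 digests of the boot code and partition table from a trusted copy, and reports what changed. The two sectors it inspects are constructed in the file, so it runs offline; reading the real sector 0 of a disk needs administrator rights and is left to the reader, who can pass those 512 bytes to the same functions. The baseline should be stored off the host, since a rootkit that hides the modified sector from normal reads can hide it from this script as well; the comparison is most trustworthy when the disk is read from a clean boot medium.

```python
"""Parse a 512-byte MBR sector and compare it against a trusted baseline."""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_SIZE = 446           # legacy bootstrap code occupies bytes 0..445
PARTITION_TABLE_OFFSET = 446   # four 16-byte partition entries follow
PARTITION_ENTRY_SIZE = 16
SIGNATURE_OFFSET = 510
BOOT_SIGNATURE = b"\x55\xaa"   # the 0xAA55 boot signature as stored on disk


def parse_mbr(sector: bytes) -> dict:
    """Split a raw sector into boot code, partition entries and signature."""
    if len(sector) != MBR_SIZE:
        raise ValueError(f"MBR must be {MBR_SIZE} bytes, got {len(sector)}")
    entries = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        # status, CHS start, type, CHS end, LBA start, sector count (little-endian)
        status, _chs_start, ptype, _chs_end, lba_start, num_sectors = struct.unpack(
            "<B3sB3sII", sector[off:off + PARTITION_ENTRY_SIZE])
        entries.append({"bootable": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "num_sectors": num_sectors})
    return {
        "boot_code": sector[:BOOT_CODE_SIZE],
        "partitions": entries,
        "partition_table": sector[PARTITION_TABLE_OFFSET:SIGNATURE_OFFSET],
        "signature_ok": sector[SIGNATURE_OFFSET:] == BOOT_SIGNATURE,
    }


def baseline_record(sector: bytes) -> dict:
    """Capture digests of a known-good MBR; keep the result off the host."""
    mbr = parse_mbr(sector)
    return {
        "boot_code_sha256": hashlib.sha256(mbr["boot_code"]).hexdigest(),
        "partition_table_sha256": hashlib.sha256(mbr["partition_table"]).hexdigest(),
    }


def check_mbr(sector: bytes, baseline: dict) -> list:
    """Return a list of findings; an empty list means the sector matches the baseline."""
    findings = []
    mbr = parse_mbr(sector)
    if not mbr["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if hashlib.sha256(mbr["boot_code"]).hexdigest() != baseline["boot_code_sha256"]:
        findings.append("boot code differs from baseline")
    if hashlib.sha256(mbr["partition_table"]).hexdigest() != baseline["partition_table_sha256"]:
        findings.append("partition table differs from baseline")
    if sum(1 for p in mbr["partitions"] if p["bootable"]) > 1:
        findings.append("more than one partition flagged bootable")
    return findings


def build_sample_mbr(boot_code: bytes, partitions) -> bytes:
    """Construct a synthetic MBR for this demonstration (not a real disk image)."""
    table = b""
    for status, ptype, lba_start, num_sectors in partitions:
        table += struct.pack("<B3sB3sII", status, b"\x00\x00\x00", ptype,
                             b"\x00\x00\x00", lba_start, num_sectors)
    table = table.ljust(4 * PARTITION_ENTRY_SIZE, b"\x00")
    return boot_code.ljust(BOOT_CODE_SIZE, b"\x00") + table + BOOT_SIGNATURE


# Constructed "known-good" sector: placeholder boot code bytes, one bootable
# partition of type 0x07 starting at LBA 2048 (values chosen for the example).
CLEAN_MBR = build_sample_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c", [(0x80, 0x07, 2048, 204800)])
BASELINE = baseline_record(CLEAN_MBR)

# Constructed "tampered" sector: identical partition table, bootstrap bytes replaced.
TAMPERED_MBR = build_sample_mbr(b"\xeb\x3c\x90", [(0x80, 0x07, 2048, 204800)])

if __name__ == "__main__":
    print("clean   :", check_mbr(CLEAN_MBR, BASELINE) or "matches baseline")
    print("tampered:", check_mbr(TAMPERED_MBR, BASELINE))
```

Because the partition table is hashed separately from the boot code, a report of "boot code differs" with an unchanged partition table is the pattern the quoted description predicts: the disk layout still looks normal while the code that runs before the operating system has been swapped.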