Intricacies of MBR rootkits

A long, long time ago, there was a time when I had a stockpile of viruses and their source code sitting on a floppy somewhere. It was amazing to see how they functioned and how they attacked the systems.
The most fascinating of them were those that could run in stealth mode, and the polymorphers. Polymorphers were viruses that could change themselves and rewrite their code. This took a significant amount of thinking, since such a virus would mutate and hide itself very well. The other kind, stealth, knew how to sneak into the crevices of your computer, never to be found until it dropped its payload.
Obviously things have changed since those times, but it seems that now there's a new variant called StealthMBR. A combination of virus and rootkit, it actually rewrites your MBR with a version of its own and then sets up its own defense network. What was fascinating is the way it bypasses virus detection and cleaning: since it lives in the MBR, it has "feelers" put out, and when it knows something isn't right it restores itself.
All in all, it's always good to know what you're up against, which is the reason I watch security threads and read things such as the Avert Labs posts. Call it an old fascination of mine.
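Since the whole trick above is that the rootkit owns the first sector of the disk, the practical question is how you would notice. Here is an added example (my own illustration, not code from the original post or from Avert Labs) of the kind of check a defender can run over a raw 512-byte MBR: it verifies the 0x55AA boot signature, parses the four partition entries, and hashes the 440-byte bootstrap area so it can be compared with a baseline captured from a known-good system. The sample sector, the choice of FNV-1a as the fingerprint, and all function names are my assumptions.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MBR_SIZE        512
#define BOOTCODE_LEN    440   /* bootstrap code; 440..445 hold disk signature/reserved */
#define PART_TABLE_OFF  446   /* four 16-byte partition entries */
#define SIG_OFF         510   /* 0x55 0xAA boot signature */

struct part_entry {
    uint8_t  status;          /* 0x80 = bootable */
    uint8_t  chs_first[3];
    uint8_t  type;            /* 0x00 = empty slot */
    uint8_t  chs_last[3];
    uint32_t lba_first;
    uint32_t sectors;
};

static uint32_t rd32le(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* 1 if the sector ends with the 0x55AA boot signature, else 0. */
int mbr_has_signature(const uint8_t mbr[MBR_SIZE]) {
    return mbr[SIG_OFF] == 0x55 && mbr[SIG_OFF + 1] == 0xAA;
}

/* Decode the partition table into out[4]; returns the number of non-empty entries. */
int mbr_parse_partitions(const uint8_t mbr[MBR_SIZE], struct part_entry out[4]) {
    int used = 0;
    for (int i = 0; i < 4; i++) {
        const uint8_t *e = mbr + PART_TABLE_OFF + 16 * i;
        out[i].status = e[0];
        memcpy(out[i].chs_first, e + 1, 3);
        out[i].type = e[4];
        memcpy(out[i].chs_last, e + 5, 3);
        out[i].lba_first = rd32le(e + 8);
        out[i].sectors   = rd32le(e + 12);
        if (out[i].type != 0) used++;
    }
    return used;
}

/* FNV-1a fingerprint of the bootstrap code only (partition table excluded on purpose:
 * an MBR rootkit keeps the table intact so the system still boots, and changes the code). */
uint32_t mbr_bootcode_fnv1a(const uint8_t mbr[MBR_SIZE]) {
    uint32_t h = 2166136261u;
    for (int i = 0; i < BOOTCODE_LEN; i++) {
        h ^= mbr[i];
        h *= 16777619u;
    }
    return h;
}

/* Compare a freshly read sector's bootstrap code against a stored baseline. */
int mbr_bootcode_matches(const uint8_t mbr[MBR_SIZE], uint32_t baseline) {
    return mbr_bootcode_fnv1a(mbr) == baseline;
}

/* Constructed sample sector (assumption, not a dump from a real disk): a three-byte
 * "cli; xor ax,ax" stub, one bootable Linux partition at LBA 2048, valid signature. */
void make_sample_mbr(uint8_t out[MBR_SIZE]) {
    static const uint8_t stub[] = { 0xFA, 0x33, 0xC0 };
    static const uint8_t entry0[16] = {
        0x80, 0x20, 0x21, 0x00, 0x83, 0xFE, 0xFF, 0xFF,
        0x00, 0x08, 0x00, 0x00,   /* lba_first = 2048   */
        0x00, 0x00, 0x10, 0x00    /* sectors   = 1048576 */
    };
    memset(out, 0, MBR_SIZE);
    memcpy(out, stub, sizeof stub);
    memcpy(out + PART_TABLE_OFF, entry0, sizeof entry0);
    out[SIG_OFF] = 0x55;
    out[SIG_OFF + 1] = 0xAA;
}

int main(void) {
    uint8_t mbr[MBR_SIZE];
    struct part_entry parts[4];
    make_sample_mbr(mbr);
    printf("signature ok: %d\n", mbr_has_signature(mbr));
    printf("partitions in use: %d\n", mbr_parse_partitions(mbr, parts));
    printf("entry0 type=0x%02x lba=%" PRIu32 " sectors=%" PRIu32 "\n",
           parts[0].type, parts[0].lba_first, parts[0].sectors);
    printf("bootcode fingerprint: %08" PRIx32 "\n", mbr_bootcode_fnv1a(mbr));
    return 0;
}
```

Two caveats that matter in practice. First, a sector with a valid signature and a sane partition table can still carry hostile bootstrap code, which is why the fingerprint covers the code and ignores the table. Second, a check like this that runs inside the possibly infected operating system is trusting that OS to hand it the real sector zero; read the disk from clean boot media, and keep the baseline somewhere the machine under test cannot write.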
Photo Credit: (.hj barraza)