Stoned Bootkit - PowerPoint PPT Presentation

Slides: 7
Provided by: abc7104
1
Stoned Bootkit
2
Stoned Bootkit
  • How it infects
  • Uses the following Windows functions (usually C)
  • CreateFile()
  • WriteFile()
  • These methods allow infector.exe to infect the
    MBR from Windows
  • Stoned bootkit itself infects different sectors
    of the hard disk

3
Stoned Bootkit
  • Prevention
  • There are alternative ways to prevent the
    installation of the bootkit
  • These are not disclosed by the developer, however
  • But that undisclosed method will not work on the
    upcoming Stoned Bootkit v3
  • Hence, the best prevention method is to
    write-protect sector 0
  • This can be configured in the BIOS
  • The setting needs to be reverted whenever the OS
    needs to be updated or reinstalled

4
Stoned Bootkit
  • Detection
  • Always have an up-to-date antivirus running
    in real time
  • Boot using a bootable antivirus occasionally
  • This checks for boot sector viruses that go
    undetected at the Windows level

5
Stoned Bootkit
  • If infected
  • Use the Windows Recovery Console CD to reinstall the MBR
  • Then run fixmbr
  • Reinstalling the MBR does not affect the OS

6
Stoned Bootkit
  • Miscellaneous
  • The MBR alone cannot be encrypted, only the hard disk
    as a whole
  • Hard disk encryption does not prevent
    installation of the Stoned bootkit
  • The primary purpose of encryption is only to secure
    files; it does not prevent viruses