Focus on Linux
Write-protect sctors? Aug 25 2006 06:18PM
scott (redhowlingwolves bellsouth net) (2 replies)
Re: Write-protect sctors? Aug 28 2006 04:44PM
Florian Specker (florian specker li) (1 replies)
Hi Scott,

did you consider the possibility that the bad sector was not caused by
the rootkit? It's not uncommon that a disc contains bad sectors, which
you only remark when you actually read such a sector (or the whole disc,
e.g. dd it to another disc). Try to low-level format the disc after
investigating the incident.

Another possibility is some SMART-related function, but that is pure
speculation, as I don't know too much about these features.

Cheers & good luck cleaning up,

scott wrote:
> I had a probable rootkit in ubuntu dapper that proved to be more
> persistent than I thought possible.I did rkhunter and showed some
> anomalies in /dev/...Trying to track those dir's down proved
> elusive,even with root enabled(in ubuntu,root is disabled by default.You
> can still sudo, but no su without certain switches,)the dir's
> effectively hid from my view.
> So I decided to reinstall a clean slate.This is when I encounter
> problems that don't make sense.
> As the install progresses to the partitioning of the disc,I opt for the
> erase whole disc option.It progresses to a certain point and then quits
> with an error..repeatedly.
> I filed a bug report with launchpad,but my question is this:Can any
> malware you are aware of write-protect certain segments of a HD,without
> BIOS support?Or is there a BIOS trojan that I'm not aware of in Linux?Is
> this even possible with a hardened system?
> Is this even possible in any system,Windows included?
> What I.m asking is : Can any malware write-protect sectors on a HD that
> survive repartioning?
> Sounds really crazy,huh?
> Thanks,Scott

[ reply ]
Re: Write-protect sctors? Sep 06 2006 02:55PM
Alex Butcher (alex butcher bristol ac uk)
RE: Write-protect sctors? Aug 28 2006 04:01PM
Bill Church (Bill Church bsius com)


Privacy Statement
Copyright 2010, SecurityFocus