LinuxQuestions.org
Old 10-06-2013, 04:29 PM   #1
junior-s
Member
 
Registered: Apr 2013
Location: Brazil
Distribution: Arch Linux
Posts: 137

Rep: Reputation: Disabled
Chances of an MBR infection?


I was wondering what are the chances of getting an MBR infection just by running an infected Windows HD along my Linux one? I forgot to tell BIOS to boot from my drive so the Windows one (of a friend) booted instead.

Checked with rkhunter and nothing.

I always backup my MBR but I didn't do so since my last Arch install.

Last edited by junior-s; 10-06-2013 at 05:32 PM.
 
Old 10-06-2013, 04:43 PM   #2
Doc CPU
Senior Member
 
Registered: Jun 2011
Location: Stuttgart, Germany
Distribution: Mint, Debian, Gentoo, Win 2k/XP
Posts: 1,099

Rep: Reputation: 343
Hi there,

Quote:
Originally Posted by junior-s
I was wondering what are the chances of getting an MBR infection just by running an infected Windows HD along my Linux one?
if you just connect the potentially infected drive as a second one? Close to zero. For a worm or virus or whatever to become effective, its code has to be executed.

Quote:
Originally Posted by junior-s
I forgot to tell BIOS to boot from my drive so the Windows one (of a friend) booted instead.
That's a completely different story. If you boot your system from an infected HDD, even though accidentally, you're at a high risk of executing the malicious software as well. It's even possible that the OS on the external HDD won't boot (because it can't deal with your hardware), but the viral part does and infects your primary HDD. Note that viruses that start from the MBR are being executed even before the OS loads and are thus OS agnostic - they can affect a Linux-based system as well as Windows.

Quote:
Originally Posted by junior-s
I always backup my MBR but I didn't do so since my last Arch install.
In that case, I wouldn't trust any part of my system any more, and rather do a full disaster recovery from the most recent backup before that accident, including re-partitioning the drive. Just in case. Once the virus (if there is one) is being started, more than just the MBR may be damaged.

[X] Doc CPU
 
Old 10-06-2013, 04:46 PM   #3
junior-s
Member
 
Registered: Apr 2013
Location: Brazil
Distribution: Arch Linux
Posts: 137

Original Poster
Rep: Reputation: Disabled
In fact, I had a copy of my MBR on 4shared. I restored it (with the command dd) and it worked.

I have all my partitions encrypted except boot. Maybe I'll do a nuke on it with 'dd' and then re-install grub there.
 
Old 10-06-2013, 05:20 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,335
Blog Entries: 55

Rep: Reputation: 3535
Quote:
Originally Posted by junior-s
Checked with rkhunter and nothing.
Just to clarify: RKH doesn't check for MBR viruses and neither should it be the only tool in your arsenal. Also choose the right tool for the job: if you need to scan non-Linux products then you best use a malware / virus scanner meant for that platform.
 
Old 10-06-2013, 05:31 PM   #5
junior-s
Member
 
Registered: Apr 2013
Location: Brazil
Distribution: Arch Linux
Posts: 137

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by unSpawn
Just to clarify: RKH doesn't check for MBR viruses and neither should it be the only tool in your arsenal. Also choose the right tool for the job: if you need to scan non-Linux products then you best use a malware / virus scanner meant for that platform.
I don't have non-Linux products. My machine runs only Linux.
I'm marking this thread as solved, I'm gonna nuke this drive and save encrypted copies of the MBR and boot partitions after re-installing.
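
Added example, not part of the thread: a Python script that compares a saved MBR copy, such as the backups junior-s describes keeping, with a freshly read sector 0 region by region, so that a change in the boot code is told apart from a change in the partition table. The function names and sample sectors are constructed for illustration, and it covers only the first 512 bytes, not the boot partition or the sectors that follow the MBR.

```python
import hashlib
import struct

# Real input would be two 512-byte files, e.g. read with
#   dd if=/dev/sdX of=mbr.bin bs=512 count=1     (sdX is a placeholder)
SECTOR = 512
# Classic MBR layout as (name, offset, length).
REGIONS = [
    ("boot_code", 0, 440),
    ("disk_signature", 440, 6),    # 4-byte disk ID + 2 reserved bytes
    ("partition_table", 446, 64),  # four 16-byte entries
    ("boot_signature", 510, 2),    # 0x55 0xAA
]

def region_digests(mbr):
    """SHA-256 of each MBR region, suitable for storing next to the backup."""
    if len(mbr) != SECTOR:
        raise ValueError("expected exactly 512 bytes, got %d" % len(mbr))
    return {n: hashlib.sha256(mbr[o:o + l]).hexdigest() for n, o, l in REGIONS}

def changed_regions(baseline, current):
    """Names of the regions that differ between a saved and a current MBR."""
    old, new = region_digests(baseline), region_digests(current)
    return [n for n, _, _ in REGIONS if old[n] != new[n]]

def partitions(mbr):
    """Decode the non-empty partition entries (type, start LBA, sector count)."""
    out = []
    for i in range(4):
        e = mbr[446 + 16 * i:462 + 16 * i]
        start, count = struct.unpack_from("<II", e, 8)
        if e[4] != 0:  # type 0x00 marks an unused slot
            out.append({"slot": i, "boot": e[0] == 0x80, "type": e[4],
                        "start": start, "sectors": count})
    return out

def sample_mbr(code_byte, start_lba, sectors):
    """Constructed test sector: filler boot code plus one Linux (0x83) entry."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\0" * 3, 0x83, b"\0" * 3,
                        start_lba, sectors)
    return bytes([code_byte]) * 440 + b"\0" * 6 + entry + b"\0" * 48 + b"\x55\xaa"

if __name__ == "__main__":
    baseline = sample_mbr(0x90, 2048, 1_000_000)      # saved after install
    code_changed = sample_mbr(0xCC, 2048, 1_000_000)  # boot code differs
    resized = sample_mbr(0x90, 2048, 2_000_000)       # only the table differs
    print(changed_regions(baseline, code_changed))
    print(changed_regions(baseline, resized))
    print(partitions(resized))
```

A full 512-byte `dd` restore of an old backup also rewrites the partition table; restoring only the first 446 bytes leaves the table in place.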
 
  

