LinuxQuestions.org


junior-s 10-06-2013 04:29 PM

Chances of an MBR infection?
 
I was wondering what are the chances of getting an MBR infection just by running an infected Windows HD along my Linux one? I forgot to tell BIOS to boot from my drive so the Windows one (of a friend) booted instead.

Checked with rkhunter and nothing.

I always backup my MBR but I didn't do so since my last Arch install.

Doc CPU 10-06-2013 04:43 PM

Hi there,

Quote:

Originally Posted by junior-s (Post 5041122)
I was wondering what are the chances of getting an MBR infection just by running an infected Windows HD along my Linux one?

If you just connect the potentially infected drive as a second one? Close to zero. For a worm or virus or whatever to become effective, its code has to be executed.

Quote:

Originally Posted by junior-s (Post 5041122)
I forgot to tell BIOS to boot from my drive so the Windows one (of a friend) booted instead.

That's a completely different story. If you boot your system from an infected HDD, even if accidentally, you're at a high risk of executing the malicious software as well. It's even possible that the OS on the external HDD won't boot (because it can't deal with your hardware), but the viral part does and infects your primary HDD. Note that viruses that start from the MBR are executed even before the OS loads and are thus OS-agnostic - they can affect a Linux-based system as well as Windows.

Quote:

Originally Posted by junior-s (Post 5041122)
I always backup my MBR but I didn't do so since my last Arch install.

In that case, I wouldn't trust any part of my system any more, and would rather do a full disaster recovery from the most recent backup before that accident, including re-partitioning the drive. Just in case. Once the virus (if there is one) has been started, more than just the MBR may be damaged.

[X] Doc CPU

junior-s 10-06-2013 04:46 PM

In fact, I had a copy of my MBR on 4shared. I restored it (with the command dd) and it worked.

I have all my partitions encrypted except boot. Maybe I'll do a nuke on it with 'dd' and then re-install grub there.

unSpawn 10-06-2013 05:20 PM

Quote:

Originally Posted by junior-s (Post 5041122)
Checked with rkhunter and nothing.

Just to clarify: RKH doesn't check for MBR viruses and neither should it be the only tool in your arsenal. Also choose the right tool for the job: if you need to scan non-Linux products then you best use a malware / virus scanner meant for that platform.

junior-s 10-06-2013 05:31 PM

Quote:

Originally Posted by unSpawn (Post 5041139)
Just to clarify: RKH doesn't check for MBR viruses and neither should it be the only tool in your arsenal. Also choose the right tool for the job: if you need to scan non-Linux products then you best use a malware / virus scanner meant for that platform.

I don't have non-Linux products. My machine runs only Linux.
I'm marking this thread as solved, I'm gonna nuke this drive and save encrypted copies of the MBR and boot partitions after re-installing.
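
A saved MBR copy, as discussed in this thread, is most useful when it is compared against the live sector rather than only restored. The following is an added example, not code from any poster: it splits sector 0 into boot code, partition table and signature and reports which region differs from a trusted backup. The function names are hypothetical and the sample sector is constructed for the demonstration.

```python
import hashlib
import struct

SECTOR = 512
BOOT_END = 446            # bytes 0-445: bootstrap code (what MBR malware overwrites)
TABLE_END = 510           # bytes 446-509: four 16-byte partition entries
SIGNATURE = b"\x55\xaa"   # bytes 510-511: boot signature

def read_mbr(path):
    """Read sector 0 from a disk device or image file (read-only)."""
    with open(path, "rb") as f:
        data = f.read(SECTOR)
    if len(data) != SECTOR:
        raise ValueError(f"{path}: short read ({len(data)} bytes)")
    return data

def partitions(mbr):
    """Decode used partition entries as (slot, bootable, type, start_lba, sectors)."""
    found = []
    for slot in range(4):
        off = BOOT_END + 16 * slot
        # Entry layout: status, 3 CHS bytes, type, 3 CHS bytes, start LBA, sector count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", mbr[off:off + 16])
        if ptype != 0:
            found.append((slot + 1, status == 0x80, ptype, lba, count))
    return found

def compare_mbr(current, backup):
    """Report which regions of the current MBR differ from a trusted backup."""
    return {
        "signature_valid": current[TABLE_END:] == SIGNATURE,
        "boot_code_changed": current[:BOOT_END] != backup[:BOOT_END],
        "table_changed": current[BOOT_END:TABLE_END] != backup[BOOT_END:TABLE_END],
        "boot_code_sha256": hashlib.sha256(current[:BOOT_END]).hexdigest(),
    }

def sample_mbr(boot_fill):
    """Constructed 512-byte sector: filler boot code plus one Linux partition."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x83, 2048, 204800)
    return bytes([boot_fill]) * BOOT_END + entry + bytes(48) + SIGNATURE

if __name__ == "__main__":
    backup = sample_mbr(0x90)          # stands in for the saved MBR copy
    current = b"\xeb" + backup[1:]     # same sector with one boot-code byte altered
    print(partitions(current))
    print(compare_mbr(current, backup))
```

On a real system, `read_mbr` would be pointed at the disk device (root is needed to read it) and at the backup file. A bootloader reinstall legitimately changes the boot code, so the backup has to postdate the last one for the comparison to mean anything.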


All times are GMT -5.