echo: alt-comp-anti-virus
to: ALL
from: FROMTHERAFTERS
date: 2014-08-04 10:29:00
subject: Re: Registry-infecting re

David W. Hodgins submitted this idea :
> On Mon, 04 Aug 2014 10:46:04 -0400, FromTheRafters 
>  wrote:
>
>> Virus Guy wrote on 8/4/2014 :

No, I wrote that.

>> Isn't a Microsoft Word document a file?
>
> Yes
>
>> Is a bootsector a file?
>
> No. It's the first sector of the drive being booted from, though
> many boot loaders will also use additional sectors, up to the 64th
> sector, as that was the standard location for starting the first
> partition on old ata hard drives.
>
>> Is BIOS a file?
>
> No. It's usually an eprom chip on the motherboard, that is used
> during startup to find the hard drive to boot from, and then load
> the boot sector from that drive, and then transfer control to the
> code from that boot sector. I say usually, as some older
> motherboards used a prom, so a bios update required replacing the chip.

Exactly so. My point to VG was, malware start method persistence not 
based on a file is nothing new.

Granted, the approach being used is interesting. I wonder if Virus 
Guy's modified Win98 still has the decoder - he might have eradicated 
it. I don't think it is strictly necessary, looks like just obfuscation 
related.


--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)

SOURCE: echomail via QWK@docsplace.org
