Bootkits are an advanced form of rootkits that take the basic functionality of a rootkit and extend it with the ability to infect the master boot record (MBR) or volume boot record (VBR) so that the bootkit remains active even after a system reboot.
Bootkits are designed to not only load from the master boot record but also remain active in the system memory from protected mode through the launch of the operating system and during the computer s active state.
Anti-Malware Tools vs. Bootkits
A key feature of a bootkit is that it is unable to be detected by the typical means of an operating system or anti-malware tool because its components reside completely outside of the standard file systems. And while most anti-malware tools will simply delete or quarantine files that have been infected, because a bootkit infects the master boot record, these tools aren t able to delete or move the MBR without damaging the computer. As a result, bootkits can be an extremely problematic type of malware. According to Kaspersky Lab, there is good news in that in many cases, systems infected by a bootkit can be cleaned with the TDSSKiller utility.
Three highly publicized examples of bootkits are the Stoned Bootkit, Evil Maid Attack and Alureon.
