Windows XP and Windows Vista MBR Rootkits
It was only a matter of time and determination.
Since its discovery in December 2007, rootkit writers have had the ability to install rootkits as a non-privileged user via the Master Boot Record. The disappointing fact is that this is not a new avenue of attack; MBR viruses have existed for the past dozen years. In theory, if you can control the MBR of a host, you can manipulate the operating system that boots from it.
The known MBR rootkits (and their variants) cannot be removed while the OS is running. Booting into the Recovery Console and running FIXMBR will remove the rootkit and restore a pristine boot record. Now, couple this rootkit with a zero-day exploit that can overwrite the MBR again once the system boots and you have a rather annoying infestation.
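A defender-side integrity check for the boot record described above, added here as an example (it is not code from the original post or from Symantec): it parses the 512-byte MBR layout, hashes the 446-byte boot code against a known-good baseline, and flags a tampered sector. The sample sectors, the placeholder boot code and the baseline hash are all constructed for the example.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 446      # bytes 0..445 hold the boot code the BIOS jumps to
PART_TABLE_OFF = 446     # four 16-byte partition entries follow
SIGNATURE = b"\x55\xaa"  # bytes 510..511

def parse_mbr(mbr: bytes) -> dict:
    """Split a 512-byte MBR into boot code, partition entries and signature flag."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # entry layout: status, CHS start(3), type, CHS end(3), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        parts.append({"bootable": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": sectors})
    return {"boot_code": mbr[:BOOT_CODE_LEN], "partitions": parts,
            "signature_ok": mbr[510:512] == SIGNATURE}

def check_mbr(mbr: bytes, baseline_sha256: str) -> list:
    """Return findings; an empty list means the boot code matches the known-good baseline."""
    info = parse_mbr(mbr)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if hashlib.sha256(info["boot_code"]).hexdigest() != baseline_sha256:
        findings.append("boot code hash differs from baseline")
    bootable = sum(1 for p in info["partitions"] if p["bootable"])
    if bootable != 1:
        findings.append(f"{bootable} partitions flagged bootable (expected 1)")
    return findings

def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample: one bootable NTFS (0x07) partition at LBA 63, rest empty."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 2_000_000)
    table = entry + b"\x00" * 48
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + table + SIGNATURE

# Constructed placeholder boot code (not real bootstrap code); in practice the baseline
# hash is taken from a known-good image of the same machine.
CLEAN_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb" + b"\x90" * 437
CLEAN_MBR = build_sample_mbr(CLEAN_BOOT_CODE)
CLEAN_HASH = hashlib.sha256(CLEAN_MBR[:BOOT_CODE_LEN]).hexdigest()
# Constructed "infected" copy: first bytes patched, partition table left untouched
TAMPERED_MBR = build_sample_mbr(b"\xeb\x3c" + CLEAN_BOOT_CODE[2:])
```

On a live Windows host the sector is read with `open(r"\\.\PhysicalDrive0", "rb").read(512)` (administrator required), but since the post notes the rootkit survives while the OS is running, comparing a sector read from offline boot media against the baseline is the more trustworthy check.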
For more details on the Master Boot Record read this.
Symantec has more information on the rootkit, which can be found here.