A Boot Sector Virus is a virus that infects the ‘boot sector’ of floppy disks or the ‘Master Boot Record’ (MBR) of hard disks (some infect the boot sector of the hard disk instead of the MBR). The infected code runs when the system starts from an infected disk, but once loaded it will infect other floppy disks when accessed inside the infected computer. While these viruses infect at a BIOS level, they use DOS commands to spread to other floppy disks. For this reason, they started to fade from the scene after the appearance of Windows 95. Today, there are programs run by script kiddies known as ‘bootkits’, similar to ‘rootkits‘, that write their code to the ‘Master Boot Record’ as a method of loading early in the start-up process and then concealing the actions of malware running under Windows.
Boot sector viruses are frequently spread through physical media. An infected floppy disk or USB drive connected to a computer will transfer when the drive’s code is read, then modify or replace the existing boot code. The next time a user tries to boot their desktop, the virus will be loaded and run immediately as part of the master boot. It’s also possible for email attachments to contain boot virus code. If opened, these attachments infect the host computer and may contain instructions to send out further batches of email to a user’s contact list to spread their infections far and wide.
Additional Reading: COVID-19 Malware That Wipes Your PC and Rewrites Your MBR
How do Boot Sector viruses impact SMBs?
Preventing Boot Sector viruses from installation is the best recipe to follow. Do this by ensuring all computers run up-to-date antivirus software. If you’re still using floppy disks (CyberHoot has seen this still in 2020), be sure to scan them for viruses before inserting them into your computer. Do not trust USB sticks either and scan them before using them with your favorite Antivirus program.
I may have a Boot Sector Virus, what should I do?
Removing a boot sector virus can be difficult because it may encrypt the boot sector. In many cases, users may not even be aware they have been infected with a virus until they run an anti-virus protection program or anti-malware scan. As a result, it is critical for users to rely on continually updated virus protection programs that have a large registry of boot viruses and the data needed to safely remove them. If the virus cannot be removed due to encryption or excessive damage to existing code, the hard drive may need reformatting to eliminate the infection.