Unused Storage Space
Quote: ".... Screw being killed off by an MBR rewrite when one can simply sit inside the hard drive firmware or BIOS and re-inject itself from there."
Yes, I've read about that trend. I don't know whether the BIOS in the computer that I'm using now monitors the MBR, and I don't know of anything that might be verifying the integrity of the HDD firmware.
What these vulnerabilities -- the MBR, Track 0, BIOS and HDD firmware -- have in common is that the executable code that occupies the disk or the chips where the code is stored does not occupy all of the physical capacity that is available for it. Consequently, someone might find a way to store their malware in that "unused" capacity in order to hide it, then find some way to introduce it into the hardware boot before the operating system can stop the malware from loading.
I've been wondering whether solid-state "drives" have vulnerabilities that occur from allocating storage space for a particular purpose when all of that allocation is not used.
