Some days ago MR Team members warned that a new stealth technique was being used by some rootkits.
When this type of malware runs on a system, it copies the original MBR to absolute sector 62 of the hard disk and overwrites the MBR in sector 0 with malicious instructions. It also installs itself at the end of the hard disk; its code is approximately 240 KB in size.
The next time the computer is started, the first sector of the drive is loaded before the operating system. That sector contains the modified MBR, whose code loads the other part of the malware (~240 KB). This part, in turn, is responsible for the network communication established between the operating system and BIOS interrupt 13h, hiding the modified MBR and the malicious code.
This technique allows any type of malware to be camouflaged in the system, making its detection more difficult.
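Because the modified MBR is hidden on the running system, the layout described above is best checked on a disk image acquired offline. The following is an added example, not code from the original post: it flags an image whose sector 62 holds an MBR-shaped sector that differs from sector 0. The function names, verdict strings and sample sectors are assumptions constructed for illustration, and a "suspicious" verdict is a lead to investigate, since other software may also keep an MBR copy.

```python
import hashlib

SECTOR = 512
BACKUP_LBA = 62             # sector the page says receives the original MBR
PT_OFF, PT_END = 446, 510   # four 16-byte partition entries
SIG = b"\x55\xaa"           # boot signature at offset 510

def read_sector(image, lba):
    """Return one 512-byte sector from a raw disk image held in memory."""
    data = bytes(image[lba * SECTOR:(lba + 1) * SECTOR])
    if len(data) != SECTOR:
        raise ValueError(f"image too short for sector {lba}")
    return data

def looks_like_mbr(sector):
    """True if the sector has the boot signature and a non-empty partition table."""
    return sector[510:512] == SIG and any(sector[PT_OFF:PT_END])

def check_mbr_relocation(image):
    """Return (verdict, details) for an offline image."""
    mbr, backup = read_sector(image, 0), read_sector(image, BACKUP_LBA)
    details = {
        "sector0_sha256": hashlib.sha256(mbr).hexdigest(),
        "sector62_sha256": hashlib.sha256(backup).hexdigest(),
        "same_partition_table": mbr[PT_OFF:PT_END] == backup[PT_OFF:PT_END],
    }
    if not looks_like_mbr(backup):
        return "no-backup", details
    if backup == mbr:
        return "identical-copy", details
    return "suspicious", details   # MBR-shaped sector 62 with different boot code

def make_mbr(boot_code):
    """Constructed sample sector: boot code, one partition entry, signature."""
    entry = bytes([0x80, 1, 1, 0, 0x07, 0xFE, 0xFF, 0xFF])
    entry += (63).to_bytes(4, "little") + (1_000_000).to_bytes(4, "little")
    return boot_code.ljust(PT_OFF, b"\x00") + entry + bytes(48) + SIG

def make_image(sector0, sector62=None):
    """Constructed 64-sector image with the given sector 0 and optional sector 62."""
    img = bytearray(64 * SECTOR)
    img[:SECTOR] = sector0
    if sector62 is not None:
        img[BACKUP_LBA * SECTOR:(BACKUP_LBA + 1) * SECTOR] = sector62
    return bytes(img)

if __name__ == "__main__":
    original = make_mbr(b"\x33\xc0\x8e\xd0")   # constructed placeholder bytes
    replaced = make_mbr(b"\xfa\x33\xdb\x8e")   # constructed placeholder bytes
    print(check_mbr_relocation(make_image(replaced, original))[0])
```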
Thanks to Xabier Francisco & Arrizen Pérez for this one!