http://news.techworld.com/security/3312839/sophisticated-rootkits-becoming-more-resilient/
TechWorld reported on Oct 24, 2011 on the evolution of TDL4 (also known as TDSS), whose variants are being developed to resist antivirus detection. ESET researchers have been tracking the TDL4 botnet. The kernel-mode drivers and user-mode payloads are being rewritten while the rootkit components remain the same. It appears to be developed as a crimeware toolkit to be licensed to cybercriminals.
TDL, or TDSS, is a family of rootkits that incorporates detection-evasion techniques. Kaspersky Labs estimated that 4.5 million computers have been infected by TDL and its version 4.
New innovations include creating hidden partitions on the hard disk, with an advanced file system that stores the malware's components instead of keeping them within the MBR. The malicious code and its special boot loader get executed before the actual operating system loads.
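A defender-side check for the hidden-partition technique described above, added here as an example and not taken from the articles or the ESET/Kaspersky analyses: parse the MBR partition table and report disk space that no partition entry accounts for. It assumes a 512-byte-sector MBR disk and that the hidden partition lives outside the entries in the table (the sample MBR and disk size are constructed for the demonstration).

```python
import struct

SECTOR_SIZE = 512
MBR_SIGNATURE = b"\x55\xaa"
ENTRY_OFFSET = 446  # partition table starts after the 446-byte boot code


def parse_mbr(mbr: bytes):
    """Parse the four primary partition entries of a 512-byte MBR sector."""
    if len(mbr) != SECTOR_SIZE or mbr[510:512] != MBR_SIGNATURE:
        raise ValueError("not an MBR sector")
    entries = []
    for i in range(4):
        raw = mbr[ENTRY_OFFSET + 16 * i : ENTRY_OFFSET + 16 * (i + 1)]
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, start, count = struct.unpack("<B3xB3xII", raw)
        if ptype != 0:  # type 0x00 marks an unused slot
            entries.append({"status": status, "type": ptype, "start": start, "count": count})
    return entries


def unallocated_ranges(entries, total_sectors, min_sectors=2048):
    """Return [(start, length)] sector gaps of at least min_sectors that no partition covers.
    The default threshold (1 MiB of 512-byte sectors) skips the MBR itself and the usual
    alignment gap before the first partition, so only sizeable holes are reported."""
    gaps = []
    cursor = 1  # sector 0 is the MBR
    for e in sorted(entries, key=lambda e: e["start"]):
        if e["start"] - cursor >= min_sectors:
            gaps.append((cursor, e["start"] - cursor))
        cursor = max(cursor, e["start"] + e["count"])
    if total_sectors - cursor >= min_sectors:  # space past the last partition
        gaps.append((cursor, total_sectors - cursor))
    return gaps


def build_sample_mbr(partitions):
    """Constructed test data: an MBR whose table holds the given (type, start, count) entries."""
    table = b"".join(struct.pack("<B3xB3xII", 0x80, t, s, c) for t, s, c in partitions)
    return b"\x00" * ENTRY_OFFSET + table.ljust(64, b"\x00") + MBR_SIGNATURE


# Constructed disk: 2,000,000 sectors, one NTFS partition leaving ~8.8 MB unaccounted for at the end.
SAMPLE_TOTAL_SECTORS = 2_000_000
SAMPLE_MBR = build_sample_mbr([(0x07, 2048, 1_980_000)])

if __name__ == "__main__":
    for start, length in unallocated_ranges(parse_mbr(SAMPLE_MBR), SAMPLE_TOTAL_SECTORS):
        print(f"unallocated: sectors {start}-{start + length - 1} ({length * SECTOR_SIZE // 2**20} MiB)")
```

On a live system the same functions can be fed the first sector of the raw disk device and its sector count from the OS; a reported trailing gap is a lead for imaging and examining that region, not proof of infection.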
ComputerWorld had also reported on TDL:
http://www.computerworld.com/s/article/9218034/Massive_botnet_indestructible_say_researchers?CID=
Detailed analysis of the bot trojan is available at:
http://www.securelist.com/en/analysis/204792180/TDL4_Top_Bot
-Joseph Ponnoly