The TDSS botnet, now in its 4th generation, is seriously sophisticated malware, which is why we’ve spent so much time writing about it: the revision of the paper The Evolution of TDL: Conquering x64 that will be up on the white papers page shortly runs to 54 pages and includes some highly technical analysis, including the detail on […]
[News from my colleagues in Russia, Aleksandr Matrosov and Eugene Rodionov.]Recently, we had a stroke of luck: our TDL tracker picked up a brand new plugin for TDL4 kad.dll (Win32/Olmarik.AVA) which we haven’t seen previously. It took some time to find out what it is intended to do. After some preliminary analysis we discovered that […]
If you've been following the research we've been publishing (spearheaded by my Russian colleagues Aleksandr Matrosov and Eugene Rodionov) you'll be aware that the TDL rootkit family doesn’t make use of OS’s own file system. Instead, it implements its own hidden storage for the payload, configuration files and so on. The hidden storage is located at the end […]
Latest Comments