TDL-4 rootkit (Read 2129 times)
jrb333
TDL-4 rootkit
Jul 2nd, 2011, 12:56am
TDL-4 rootkit is another major upgrade to the notorious TDSS family.
The TDSS rootkit family (also known as Alureon or TDL) is something of an admired worst enemy of security researchers and vendors of anti-virus products. They hide deep in the Windows operating system, using and manipulating low-level instructions to avoid detection by anti-virus suites, and using encryption to protect their communications with command and control servers.
The latest TDL-4 version of the family is used (like the others) as a stealth backdoor installer of malware, and it has some huge advantages over its predecessors. It can infect 64-bit versions of Windows now by bypassing the Windows kernel mode code signing policy, and it creates ad-hoc DHCP servers on networks giving it new propagation powers.
Another major step forward for the malware is the ability to use the Kademlia P2P network for communications. This helps to keep the rootkit alive if legal action in the real world takes down command and control servers.
TDL-4 is also protective of its control over an infected PC, and does not want to share power. It has its own built-in anti-malware abilities, finding and killing ZeuS, Gbot and Optima malware infestations on systems it compromises. It even blacklists addresses of command and control servers used by rival malware.
According to research from Kaspersky Labs, the formidable rootkit compromised 4.5 million PCs in the first three months of the year. Almost a third of those computers were in the United States, the most profitable targets.