TDSS Rootkit Technologies
Security firm 'Kaspersky Lab' has warned Internet users to check their PCs for the presence of the TDSS rootkit. It is a nasty piece of code, now in its third iteration (TDL-3), which gives an attacker hidden but complete zombie control of the host PC.
According to the security experts, TDSS is the most complex and powerful rootkit to date. This universal malware hides its own presence, and that of other malware, on an infected PC while giving its operators additional capabilities.
TDSS infects drivers in order to penetrate computers. The infected driver is loaded at the moment the operating system starts.
The infector replaces a number of bytes in the resource section of the target file with a small loader for the main body of the rootkit and manipulates the driver's entry point. As a result, the rootkit becomes very difficult to detect and remove.
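The infection pattern described above (a loader planted in the resource section and the driver's entry point redirected to it) suggests a simple defender-side triage check: does a driver's entry point fall inside a section that is not marked as code? The Python below is an added example, not code from the article or from Kaspersky Lab; the PE layout and the `build_headers` fixture are constructed for demonstration, and the check is a generic heuristic rather than a TDSS signature.

```python
import struct

IMAGE_SCN_CNT_CODE = 0x00000020      # section contains executable code
IMAGE_SCN_MEM_EXECUTE = 0x20000000   # section is mapped executable

def parse_pe_headers(data):
    """Return (AddressOfEntryPoint, [(name, va, vsize, characteristics), ...])."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[:2] != b"MZ" or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    coff = e_lfanew + 4
    nsections = struct.unpack_from("<H", data, coff + 2)[0]    # NumberOfSections
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]    # SizeOfOptionalHeader
    opt = coff + 20
    entry = struct.unpack_from("<I", data, opt + 16)[0]        # AddressOfEntryPoint
    sections = []
    for i in range(nsections):
        fields = struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        name = fields[0].rstrip(b"\0").decode("ascii", "replace")
        sections.append((name, fields[2], fields[1], fields[9]))  # va, vsize, chars
    return entry, sections

def entry_point_findings(data):
    """Heuristic checks on where a driver's entry point lives; [] means nothing odd."""
    entry, sections = parse_pe_headers(data)
    home = next((s for s in sections if s[1] <= entry < s[1] + s[2]), None)
    if home is None:
        return ["entry point 0x%x lies outside every section" % entry]
    name, _, _, chars = home
    findings = []
    if name == ".rsrc":
        findings.append("entry point 0x%x is inside the resource section" % entry)
    if not chars & (IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE):
        findings.append("section %s holding the entry point is not marked executable" % name)
    return findings

def build_headers(entry_rva, sections):
    """Constructed header-only PE fixture (not a real driver) used for the demo."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry_rva).ljust(224, b"\0")
    table = b"".join(struct.pack("<8sIIIIIIHHI", n.encode(), vs, va, vs, 0, 0, 0, 0, 0, ch)
                     for n, va, vs, ch in sections)
    return dos + b"PE\0\0" + coff + opt + table

# Typical driver layout (constructed values): code in .text, resources in .rsrc.
LAYOUT = [(".text", 0x1000, 0x2000, 0x60000020), (".rsrc", 0x3000, 0x1000, 0x40000040)]
CLEAN = build_headers(0x1234, LAYOUT)     # entry point in .text, as expected
SUSPECT = build_headers(0x3100, LAYOUT)   # entry point redirected into .rsrc
```

Run `entry_point_findings()` over a real driver's bytes to get the same list; an empty list is not proof of a clean file, only the absence of this particular anomaly.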
However, this is not all the rootkit does; TDL-3 uses its own encrypted file system in which it stores its configuration data and additional user-mode DLLs. Consequently, TDL-3 does not need the File Allocation Table (FAT) or New Technology File System (NTFS) file systems to operate.
Considering that the cybercriminals have put noticeable effort into supporting the malware, fixing errors and inventing various techniques for bypassing signature-based, heuristic and proactive detection, TDSS can penetrate a computer even if an antivirus is installed and running.
The botnets' command and control centers are situated in Luxembourg, Russia, China, Hong Kong and Holland. The rootkit has an extensive range of abilities and capabilities and can be used in a number of ways, depending on what the malware authors and/or the owners or renters of the botnets develop with the help of TDSS.
As long as a malicious program turns a profit, cybercriminals will continue to develop and support it. The security experts conclude that the rootkit's functionality is expected to be improved further in order to counteract protection technologies.
SPAMfighter News - 18-08-2010