TDL4 Rootkit Overhauled

According to researchers at ESET, the creators of TDL4, an extremely sophisticated rootkit, are rewriting and enhancing it so that it is more resilient to detection by security software, Computerworld reported on October 21, 2011.

Indeed, while reworking TDL4, the perpetrators made sure the malware stays out of reach of various security defenses, particularly anti-virus programs. The new variants create a hidden partition on the hard disk of the infected computer and then mark it active. Consequently, the malware residing on it is executed before the Windows OS starts.

Apparently, the most recent stage is the variant detected as Win32/Olmasco.R, the newest version of TDL4, which has been developed in several ways, particularly in how it infects a computer and in how it changes the layout of the hidden file system.

Earlier, in July 2011, malware experts at Kaspersky Lab stated that the fourth version of TDL led the world's malicious programs in terms of sophistication, having infected an estimated 4.5 million or more PCs.

Meanwhile, in April 2011, Microsoft released an update to block TDL4 on Windows computers. But the rootkit's creators reacted a month later by publishing a counter-update that mimicked Microsoft's defense.

Maintaining malware in this way indicates a considerable return on the investment. The sophisticated methods and the quality of the code strongly suggest that the software was developed in a highly professional manner.

Moreover, ESET's investigators state that TDL4 is the most prominent of all current rootkits because of its many capabilities. Among these are its ability to infect 64-bit Windows computers, its use of Kad, a public P2P network, to issue commands, and a component that protects the MBR (Master Boot Record).

The investigators explain that TDL4 can identify corrupted files within its hidden file system by computing the CRC32 checksum of each file and comparing it with the value stored in the file header. If a file is corrupt, the rootkit removes it, they say.
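To illustrate the header-stored CRC32 check described above, here is an added example (not code from the article or from the malware); the entry layout it uses, a CRC32 and length in front of the body, is a constructed, hypothetical format, not TDL4's actual one. It also shows why such a check only catches accidental corruption: whoever can write the entry can simply recompute the checksum.

```python
import struct
import zlib

# Hypothetical entry layout, constructed for this example (not TDL4's real format):
# header = 4-byte little-endian CRC32 of the body, 4-byte little-endian body length
HEADER = struct.Struct("<II")


def pack_entry(body: bytes) -> bytes:
    """Store a file body behind a header that records its CRC32 and length."""
    return HEADER.pack(zlib.crc32(body) & 0xFFFFFFFF, len(body)) + body


def check_entry(entry: bytes):
    """Return (ok, body); ok is False when the recomputed CRC32 differs from the header."""
    if len(entry) < HEADER.size:
        return False, b""
    stored_crc, length = HEADER.unpack_from(entry)
    body = entry[HEADER.size:HEADER.size + length]
    if len(body) != length:          # truncated entry: treat as corrupt
        return False, body
    return (zlib.crc32(body) & 0xFFFFFFFF) == stored_crc, body


def prune_corrupt(entries):
    """Mimic the behaviour described: keep entries whose CRC32 matches, drop the rest."""
    return [e for e in entries if check_entry(e)[0]]


def flip_byte(entry: bytes, offset: int) -> bytes:
    """Simulate on-disk corruption of a single byte (used to build the sample input)."""
    return entry[:offset] + bytes([entry[offset] ^ 0xFF]) + entry[offset + 1:]


def reseal(entry: bytes) -> bytes:
    """Re-encode an altered body with a fresh CRC32: the check passes again, which
    shows CRC32 detects accidental corruption, not deliberate modification."""
    return pack_entry(check_entry(entry)[1])


if __name__ == "__main__":
    good = pack_entry(b"constructed sample body")     # constructed sample entry
    damaged = flip_byte(good, HEADER.size + 3)        # corrupt one body byte
    print(check_entry(good)[0], check_entry(damaged)[0])   # True False
    print(len(prune_corrupt([good, damaged])))             # 1
    print(check_entry(reseal(damaged))[0])                 # True
```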

Meanwhile, the recent changes show hardly any sign that the TDL4 developers' continuous innovation is slowing down.


» SPAMfighter News - 11/1/2011
