Our colleagues Aleksandr Matrosov, Senior Virus Researcher, & Eugene Rodionov, Rootkit Analyst, who work in our partner labs in Russia, have allowed us to share a long and comprehensive report on the TDL3 rootkit (also known as TDSS, Alureon, W32/Olmarik and so on).
The paper starts with a summary of the rootkit's connection with the Dogma Millions gang, but also looks at more technical issues such as the operation of the dropper, the rootkit itself, the encrypted file system and the injector.
The report is up now on the ESET white papers page in the "Articles by ESET Researchers" section, or you can go straight to it here.There's a lot of material there, so I'll probably come back and look at some more of the detail here later.
David Harley CITP FBCS CISSP
ESET Research Fellow
ESET Threatblog (TinyURL with preview enabled): http://preview.tinyurl.com/esetblog
ESET Threatblog notifications on Twitter:
ESET White Papers Page: http://www.eset.com/download/whitepapers.php
Securing Our eCity community initiative: http://www.securingourecity.org/
Author David Harley, ESET