Tidy TDSS (TDL3) Paper

Our colleagues Aleksandr Matrosov, Senior Virus Researcher, & Eugene Rodionov, Rootkit Analyst, who work in our partner labs in Russia, have allowed us to share a long and comprehensive report on the TDL3 rootkit (also known as TDSS, Alureon, W32/Olmarik and so on).

The paper starts with a summary of the rootkit's connection with the Dogma Millions gang, but also looks at more technical issues such as the operation of the dropper, the rootkit itself, the encrypted file system and the injector.

The report is up now on the ESET white papers page in the "Articles by ESET Researchers" section, or you can go straight to it here.There's a lot of material there, so I'll probably come back and look at some more of the detail here later.

David Harley CITP FBCS CISSP
ESET Research Fellow

ESET Threatblog (TinyURL with preview enabled): http://preview.tinyurl.com/esetblog
ESET Threatblog notifications on Twitter:
http://twitter.com/esetresearch; http://twitter.com/ESETblog
ESET White Papers Page: http://www.eset.com/download/whitepapers.php

Securing Our eCity community initiative: http://www.securingourecity.org/

http://www.eset.com/blog/?p=4360


Author David Harley, ESET

  • Richard Hotz

    Is there a removal tool for this rootkit?

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

4 articles related to:
Hot Topic
25 Jun 2010
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.