Our colleagues Aleksandr Matrosov, Senior Virus Researcher, & Eugene Rodionov, Rootkit Analyst, who work in our partner labs in Russia, have allowed us to share a long and comprehensive report on the TDL3 rootkit (also known as TDSS, Alureon, W32/Olmarik and so on).

The paper starts with a summary of the rootkit's connection with the Dogma Millions gang, but also looks at more technical issues such as the operation of the dropper, the rootkit itself, the encrypted file system and the injector.

The report is up now on the ESET white papers page in the "Articles by ESET Researchers" section, or you can go straight to it here.There's a lot of material there, so I'll probably come back and look at some more of the detail here later.

ESET Research Fellow

ESET Threatblog (TinyURL with preview enabled): http://preview.tinyurl.com/esetblog
ESET Threatblog notifications on Twitter:
http://twitter.com/esetresearch; http://twitter.com/ESETblog
ESET White Papers Page: http://www.eset.com/download/whitepapers.php

Securing Our eCity community initiative: http://www.securingourecity.org/


Author David Harley, ESET

  • Richard Hotz

    Is there a removal tool for this rootkit?

Follow us

Copyright © 2015 ESET, All Rights Reserved.