Comments on: TDL4 reloaded: Purple Haze all in my brain
http://www.welivesecurity.com/2012/02/02/tdl4-reloaded-purple-haze-all-in-my-brain/
News, Views, and Insight from the ESET Security Community
Mon, 03 Feb 2014 08:49:00 +0000

By: Vish
http://www.welivesecurity.com/2012/02/02/tdl4-reloaded-purple-haze-all-in-my-brain/#comment-654
Sun, 12 Feb 2012 21:06:38 +0000

Hi David,
Thank you and your colleagues for the earlier analysis of TDL4 – it made for 50 pages of fascinating reading.
These bootkits have already reached the point where average users find them too difficult to detect/remove. That they even attempt to remove them has to do with the unpleasant "symptoms" of the accompanying malware. In fact, if the infections did not hinder the user's computing experience so overtly (100% CPU usage, web search redirects etc.) most users would probably accept the coexistence of the infection on their systems.
-Vish

By: Chris
http://www.welivesecurity.com/2012/02/02/tdl4-reloaded-purple-haze-all-in-my-brain/#comment-653
Wed, 08 Feb 2012 12:50:48 +0000

What are you using for decompilation of the code above? Is it Hex-Rays decompiler or something else?

By: Philip96
http://www.welivesecurity.com/2012/02/02/tdl4-reloaded-purple-haze-all-in-my-brain/#comment-652
Tue, 07 Feb 2012 08:28:45 +0000

InternetCrackUrlA is used as an API? Also what value does it use? ICU_Decode or Icu_Escape?

By: David Harley
http://www.welivesecurity.com/2012/02/02/tdl4-reloaded-purple-haze-all-in-my-brain/#comment-651
Fri, 03 Feb 2012 09:18:29 +0000

We wouldn’t analyse a sample and discuss it publicly without having a detection for it. :) That doesn’t, of course, mean that we can guarantee detection for all instances of TDL4, unfortunately.

By: questions
http://www.welivesecurity.com/2012/02/02/tdl4-reloaded-purple-haze-all-in-my-brain/#comment-650
Fri, 03 Feb 2012 05:31:39 +0000

We have completed to its defense?
