My colleague Aleks Matrosov has come across an interesting if uncomfortable post on a Russian language forum, advertising a "Boot loader for drivers" currently under test that doesn't require a Digital Signature driver, which sounds very much like our old friend TDL4. This metamorphic malware (each build generates a fresh binary) loads before the start of PatchGuard. It's
Alexandr Matrosov summarizes the evolution of complex threats using hidden storage, as discussed in his presentation with Eugene Rodionov at Virus Bulletin 2012.
Aleksandr Matrosov and Eugene Rodionov presented their research into "Smartcard vulnerabilities in modern banking malware" at PHDays 2012.
ESET researchers Aleksandr Matrosov and Eugene Rodionov just gave a talk on "Defeating x64: Modern Trends of Kernel-Mode Rootkits".