MBR

The co-evolution of TDL4 to bypass the Windows OS Loader patch (KB2506014 )

Our colleagues Aleksandr Matrosov and Eugene Rodionov are tracking the evolution of TDL4 (also known as Win32/Olmarik). The following is a report on the latest TDL4 update, released last week. In our previous blog post, we described how the latest Microsoft Security Update modified the Windows OS loader (winloader.exe) to fix a vulnerability that allowed

We are not Zimused – a few updates

My colleague Juraj Malcho, head of lab in Bratislava, has clarified a point: what Zimuse actually does is fill the first 50Kb of a targeted disk with zeroes (actually the 0×00 character): This does indeed overwrite the MBR, but also overwrites anything else that occupies that area of the disk. The malware came to ESET's attention because

ESET Virus Radar

Archives

Copyright © 2013 ESET, All Rights Reserved.