Analysis of the Olmasco bootkit: a TDL4 variation with an interesting approach to dropper technology

Alexandr Matrosov summarizes the evolution of complex threats using hidden storage, as discussed in his presentation with Eugene Rodionov at Virus Bulletin 2012.

Changes in the threatscape as regards exploitation of 64-bit systems, exemplified by the latest modifications to the Rovnix bootkit.

Why the ZeroAccess rootkit family modifications are important to the end user.

ESET is seeing a new step of evolution for the Rovnix bootkit family.

A new TDL4 sample includes novel privilege escalation mechanisms in the dropper and changes to the hidden storage system.

ESET researchers have noticed a new phase in the evolution of the TDL4 botnet.

During the first half of 2011 we have witnessed a significant growth in malware targeting 64-bit platforms, the most interesting examples of which are bootkits.

…you can probably guess what I think about the idea of an undetectable virus…

I don’t think there’s such a thing as an indestructible botnet. TDSS is somewhat innovative. It’s introduced new twists on old ideas like P2P networks and hiding malware.