Win32/Olmarik

Rovnix bootkit framework updated

Changes in the threatscape as regards exploitation of 64-bit systems, exemplified by the latest modifications to the Rovnix bootkit.

TDL4 reloaded: Purple Haze all in my brain

A new TDL4 sample includes novel privilege escalation mechanisms in the dropper and changes to the hidden storage system.

Bootkit Threat Evolution in 2011

ESET researchers examine the evolution of bootkit threats targeting 64-bit Windows over 2011.

Hasta La Vista, Bootkit: Exploiting the VBR

During the first half of 2011 we have witnessed a significant growth in malware targeting 64-bit platforms, the most interesting examples of which are bootkits.

TDL4: Less hype, more history

I don’t think there’s such a thing as an indestructible botnet. TDSS is somewhat innovative. It’s introduced new twists on old ideas like P2P networks and hiding malware.

The co-evolution of TDL4 to bypass the Windows OS Loader patch (KB2506014 )

Our colleagues Aleksandr Matrosov and Eugene Rodionov are tracking the evolution of TDL4 (also known as Win32/Olmarik). The following is a report on the latest TDL4 update, released last week. In our previous blog post, we described how the latest Microsoft Security Update modified the Windows OS loader (winloader.exe) to fix a vulnerability that allowed

TDSS: The Next Generation

Win32/Olmarik (also known as TDSS, TDL, Alureon and sundry less complimentary names) has gone through some interesting evolutions in the last couple of years. TDL4 is no exception, with its ability to load its kernel-mode driver on systems with an enforced kernel-mode code signing policy (64-bit versions of Microsoft Windows Vista and 7) and perform

TDL4 and Glubteba: Piggyback PiggyBugs

My colleague Aleksandr Matrosov today received an interesting sample of TDL4 from another of my colleagues, Pierre-Marc Bureau: this sample downloads and install another malicious program, Win32/Glupteba.D. This was the first instance he’d come across of TDL4 used to install other malware, and here's his account of what he found. A sample of Win32/Olmarik.AOV was

ESET Virus Radar

Archives

Copyright © 2013 ESET, All Rights Reserved.