TDL4 revisited

I just saw an article by Mathew Schwartz for Information Week focused on a series of articles by Aleksandr Matrosov, Eugene Rodionov and myself for Infosec Institute.

The articles are actually based on previous analyses of TDL3 and TDL4 by Aleksandr and Eugene, but even if you’ve seen those, you might find the aggregation of older and newer information and the separation of the topics useful. Anyway, the subversion of 64-bit Windows is certainly still an interesting topic.

All three articles are linked on the white papers page at http://www.eset.com/us/documentation/white-papers:

TDSS part 1: The x64 Dollar Question: Considers and contrasts the distribution and installation of the TDL3 and TDL4 bootkits.

TDSS part 2: Ifs and Bots: Looks in more depth at the internals of the TDSS malware.

TDSS part 3: Bootkit on the other foot: The last part of the series describes the TDSS loading process.
