Analysis of the Olmasco bootkit: a TDL4 variation with an interesting approach to dropper technology
boot sector malware
[NOTE: For the latest information about compatibility between ESET’s software and Windows 8, please see the following blog post: W8ing for V6: What ESET has in store for Windows 8 Users. (10/23/2012, 4:15PM)] Windows 8 will be available to the public in three weeks, and interest in the latest version of Microsoft’s flagship operating system
Changes in the threatscape as regards exploitation of 64-bit systems, exemplified by the latest modifications to the Rovnix bootkit.
ESET is seeing a new step of evolution for the Rovnix bootkit family.
Our colleagues Aleksandr Matrosov and Eugene Rodionov are tracking the evolution of TDL4 (also known as Win32/Olmarik). The following is a report on the latest TDL4 update, released last week. In our previous blog post, we described how the latest Microsoft Security Update modified the Windows OS loader (winloader.exe) to fix a vulnerability that allowed