Win32/Olmarik Archives -


TDL4: Less hype, more history

I don’t think there’s such a thing as an indestructible botnet. TDSS is somewhat innovative. It's introduced new twists on old ideas like P2P networks and hiding malware.

TDSS: The Next Generation

Win32/Olmarik (also known as TDSS, TDL, Alureon and sundry less complimentary names) has gone through some interesting evolutions in the last couple of years. TDL4 is no exception, with its ability to load its kernel-mode driver on systems with an enforced kernel-mode code signing policy (64-bit versions of Microsoft Windows Vista and 7) and perform

TDL4 and Glupteba: Piggyback PiggyBugs

My colleague Aleksandr Matrosov today received an interesting sample of TDL4 from another of my colleagues, Pierre-Marc Bureau: this sample downloads and install another malicious program, Win32/Glupteba.D. This was the first instance he’d come across of TDL4 used to install other malware, and here’s his account of what he found. A sample of Win32/Olmarik.AOV was