Author Topic: TDL3 – “Why so serious? Let’s put a smile on that face ...”  (Read 2553 times)


November 25, 2009, 10:09:27 am

t4L

The TDL or TDSS family is a trojan family famous for its effectiveness and active technical development. It contains two components: a kernel-mode rootkit and some user-mode DLLs which perform the trojan's operations (downloaders, blocking AVs, etc.). Since the rootkit acts as an “injector” and protector for the ring3 bot binaries, almost all technical evolutions of this threat family focus on rootkit technology so as to evade AV scanners.

As its name suggests, TDL3 is the 3rd generation of the TDL rootkit, and it still aims at covering the stealthy existence of malicious code. Besides the known features, this threat is exposed with a couple of impressive tricks which help it bypass personal firewalls and stay totally undetected by all AVs and ARKs at the moment. These aspects and techniques will be discussed in more detail in the sections that follow.

Link for the article: http://blog.cmclab.net/wordpress/?p=37
Mirror: http://rootkit.com/newsread.php?newsid=979

PDF version (mirror at rootkit.com): http://blog.cmclab.net/files/npson/pdf/tdl3_analysis_paper_ed.rar
Password for rar file: tdl3_analysis