Author Topic: TDSS / TDL3 / TDL4 analysis  (Read 14362 times)


January 01, 2010, 01:23:39 pm

SysAdMini

  • Administrator
  • Hero Member

The TDL or TDSS family is a famous trojan variant for its effectiveness and active technical
development. It contains a couple of components: a kernel-mode rootkit and user-mode
DLLs which perform the trojan operations such as downloaders, blocking AVs, etc. Since
the rootkit acts as an “injector” and protector for the usermode bot binaries, almost all
technical evolutions of this threat family focus on rootkit technology so as to evade AV
scanners.
As in its name, TDL3 is the 3rd generation of the TDL rootkit, which still takes its aim at
covering the stealthy existence of its malicious code. Besides known features, this threat is
exposed with a couple of impressive tricks which help it bypass personal firewalls and
stay totally undetected by all AVs and ARKs at the moment. These aspects and
techniques will be discussed in more detail in the sections that follow.


http://www.rootkit.com/vault/thug4lif3/tdl3_analysis_paper_ed.rar

password: tdl3_analysis
Ruining the bad guy's day

June 28, 2010, 11:50:30 am
Reply #1

SysAdMini

August 05, 2010, 10:08:40 am
Reply #3

SysAdMini

August 09, 2010, 06:06:18 am
Reply #4

SysAdMini

October 12, 2010, 05:59:11 am
Reply #5

SysAdMini

January 25, 2011, 06:20:48 pm
Reply #6

SysAdMini

January 25, 2011, 06:30:40 pm
Reply #7

SysAdMini

January 25, 2011, 06:32:05 pm
Reply #8

SysAdMini

January 25, 2011, 06:35:12 pm
Reply #9

SysAdMini

January 25, 2011, 06:35:57 pm
Reply #10

SysAdMini
How the TLD4 rootkit gets around driver signing policy on a 64-bit machine
http://sunbeltblog.blogspot.com/2010/11/how-tld4-rootkit-gets-around-driver.html

March 30, 2011, 08:21:00 pm
Reply #11

SysAdMini

May 06, 2011, 06:54:54 pm
Reply #12

SysAdMini

May 11, 2011, 02:21:41 pm
Reply #13

SysAdMini

May 15, 2011, 05:59:17 pm
Reply #14

SysAdMini