Olmasco bootkit: next circle of TDL4 evolution (or not)

From Botnets.fr
Revision as of 15:28, 7 February 2015 by Eric.freyssinet (1 revision imported)


Botnet: TDSS, TDL-4
Malware: Olmasco
Date: 2012 / 2012-10-18
Editor/Conference: Eset
Link: http://blog.eset.com/2012/10/18/olmasco-bootkit-next-circle-of-tdl4-evolution-or-not (blog.eset.com)
Author: Aleksandr Matrosov

Abstract

Olmasco (also known as SST, MaxSS) is a modification of the TDL4 bootkit family that we’ve been aware of since summer 2011. We started to track a new wave of activity from a new Olmasco dropper at the end of this summer. This bootkit family was the second to use VBR (Volume Boot Record) infection to bypass kernel-mode code signing policy since Rovnix (Rovnix bootkit framework updated) appeared in-the-wild.

Bibtex

 @misc{2012BFR1185,
   editor = {Eset},
   author = {Aleksandr Matrosov},
   title = {Olmasco bootkit: next circle of TDL4 evolution (or not)},
   date = {18},
   month = Oct,
   year = {2012},
   howpublished = {\url{http://blog.eset.com/2012/10/18/olmasco-bootkit-next-circle-of-tdl4-evolution-or-not}},
 }