Olmasco bootkit: next circle of TDL4 evolution (or not)
Jump to navigation
Jump to search
(Publication) Google search: [1]
| Olmasco bootkit: next circle of TDL4 evolution (or not) | |
|---|---|
| Botnet | TDSS, TDL-4 |
| Malware | Olmasco |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2012 / 2012-10-18 |
| Editor/Conference | Eset |
| Link | http://blog.eset.com/2012/10/18/olmasco-bootkit-next-circle-of-tdl4-evolution-or-not blog.eset.com (blog.eset.com Archive copy) |
| Author | Aleksandr Matrosov |
| Type | |
Abstract
“ Olmasco (also known as SST, MaxSS) is a modification of the TDL4 bootkit family that we’ve been aware of since summer 2011. We started to track a new wave of activity from a new Olmasco dropper at the end of this summer. This bootkit family was the second to use VBR (Volume Boot Record) infection to bypass kernel-mode code signing policy since Rovnix (Rovnix bootkit framework updated) appeared in-the-wild.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR1185,
editor = {Eset},
author = {Aleksandr Matrosov},
title = {Olmasco bootkit: next circle of TDL4 evolution (or not)},
date = {18},
month = Oct,
year = {2012},
howpublished = {\url{http://blog.eset.com/2012/10/18/olmasco-bootkit-next-circle-of-tdl4-evolution-or-not blog.eset.com}},
}