TDL3 : Why so serious

From Botnets.fr

(Publication)

Botnet: TDSS
Malware: TDL-3 (bot)
Botnet/malware group:
Exploit kits:
Services:
Feature:
Distribution vector:
Target:
Origin:
Campaign:
Operation/Working group:
Vulnerability:
CCProtocol: HTTP
Date: /
Editor/Conference:
Link: http://virusvn.com/download/video-tutorial/tdl3_analysis_paper.pdf
Author: Nguyễn Phố Sơn
Type:

Abstract

The TDL or TDSS family is a trojan variant well known for its effectiveness and active technical development. It consists of a couple of components: a kernel-mode rootkit and user-mode DLLs which perform the trojan's operations, such as downloading, blocking AVs, etc. Since the rootkit acts as an "injector" and protector for the user-mode bot binaries, almost all technical evolution of this threat family has focused on rootkit technology so as to evade AV scanners. As its name indicates, TDL3 is the 3rd generation of the TDL rootkit, and it still aims at concealing the presence of its malicious code. Besides its known features, this threat exhibits a couple of impressive tricks which help it bypass personal firewalls and stay completely undetected by all AVs and ARKs at the moment. These aspects and techniques are discussed in more detail in the sections that follow.

Bibtex

@misc{BFR891,
  editor = {},
  author = {Nguyễn Phố Sơn},
  title = {TDL3 : Why so serious},
  date = {19},
  month = Apr,
  year = {},
  howpublished = {\url{http://virusvn.com/download/video-tutorial/tdl3_analysis_paper.pdf}},
}