The case of TDL3
Jump to navigation
Jump to search
(Publication) Google search: [1]
| The case of TDL3 | |
|---|---|
| Botnet | TDSS |
| Malware | TDL-3 (bot) |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | HTTP |
| Date | 2010 / juin 2010 |
| Editor/Conference | F-Secure |
| Link | http://www.f-secure.com/weblog/archives/The Case of TDL3.pdf (Archive copy) |
| Author | Ace Portuguez |
| Type | |
Abstract
“ TDL3, so named by the malware authors themselves, adopts some characteristics of
Mebroot malware family in terms of disk infection and surviving reboot operations. Although it does not rank as the most complicated malware seen, TDL3’s distinctive features – stealthy infection mechanisms and tricky removal - should not be overlooked. Moreover, TDL3 is just a framework for further system compromise. In few simple words, TDL3 is a "Means to an End”.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2010BFR892,
editor = {F-Secure},
author = {Ace Portuguez},
title = {The case of TDL3},
date = {Error: Invalid time.},
month = Error: Invalid time.,
year = {2010},
howpublished = {\url{http://www.f-secure.com/weblog/archives/The_Case_of_TDL3.pdf}},
}