You are not connected. Please login or register

Cheetah-Fast Antivirus Forum (formerly The Ultimate Geek TaskForce!) » News » News Archive » TDL3 rootkit x64 goes in the wild

View previous topic View next topic Go down  Message [Page 1 of 1]

Blaze


Malware Researcher
Malware Researcher
It took some time but now x64 Windows operating systems are officially the new target of rootkits.

We talked about TDL3 rootkit some months ago as the most advanced rootkit ever seen in the wild. Well, the last version of TDL3 was released months ago and documented as build 3.273. After that, no updates have been released to the rootkit driver. This was pretty suspicious, more so if you've been used to seeing rebuild versions of TDL3 rootkit every few days to defeat security software.

Obviously, the rootkit was stable and it is currently running without any major bug on every 32 bit Windows operating system. Still though, the dropper needed administrator rights to install the infection in the system. Anyway, the team behind TDL3 rootkit was just too quiet to not expect something new.


...Read more: http://www.prevx.com/blog/154/TDL-rootkit-x-goes-in-the-wild.html


..........................................................
Feel free to follow me on Twitter: bartblaze

View user profile
Share this post on: Excite BookmarksDiggRedditDel.icio.usGoogleLiveSlashdotNetscapeTechnoratiStumbleUponNewsvineFurlYahooSmarking

Looks like Kaspersky's TDSSKiller is working fine to kill the rootkit.

Re: TDL3 rootkit x64 goes in the wild

Post on Thu Sep 16, 2010 2:22 am by Blaze

Have you tested MBRCheck already on an infected machine ?

I have not. I know the dudes at KernelMode probably did. I think AD said it was not ready yet.

View previous topic View next topic Back to top  Message [Page 1 of 1]

Cheetah-Fast Antivirus Forum (formerly The Ultimate Geek TaskForce!) » News » News Archive » TDL3 rootkit x64 goes in the wild

Permissions in this forum:
You cannot reply to topics in this forum