Debug TDL4 bootkit part via IDA + Bochs
TDL4 reloaded: Purple Haze all in my brain
Award-winning news, views, and insight from the ESET security community TDL4 reloaded: Purple Haze all in my brain A new TDL4 sample includes novel privilege escalation mechanisms in the dropper and changes to the hidden storage system. Update: Mila's own blog on the topic is now available here. Other vendors may find the MD5 useful: A1B3E59AE17BA6F940AFAF86485E5907. However, Mila reports that d
Bootkit Threat Evolution in 2011
Award-winning news, views, and insight from the ESET security community Bootkit Threat Evolution in 2011 ESET researchers examine the evolution of bootkit threats targeting 64-bit Windows over 2011. The year 2011 could be referred to as a year of growth in complex threats. Over the course of this year we witnessed an increase in the number of threats targeting the Microsoft Windows 64-bit platform
Defeating x64: Modern Trends of Kernel-Mode Rootkits
Versions of Microsoft Windows 64 bits were considered resistant against kernel mode rootkits because integrity checks performed by the system code. However, today there are examples of malware that use methods to bypass the security mechanisms Implemented. This presentation focuses on issues x64 acquitectura security, specifically in the signature policies kernel mode code and the techniques used
Rent-a-Bot Networks Tied to TDSS Botnet – Krebs on Security
Criminals who operate large groupings of hacked PCs tend to be a secretive lot, and jealously guard their assets against hijacking by other crooks. But one of the world’s largest and most sophisticated botnets is openly renting its infected PCs to any and all comers, and has even created a Firefox add-on to assist customers. The TDSS botnet is the most sophisticated threat today, according to expe
TDL3 and ZeroAccess: More of the Same? - Webroot Blog
TDL3 and ZeroAccess: More of the Same? by Blog Staff | Aug 8, 2011 | Industry Intel, Threat Lab Reading Time: ~ 5 min. By Marco Giuliani In our previous technical analysis of the ZeroAccess rootkit, we highlighted how it acts as a framework by infecting the machine — setting up its own private space in the disk, first through a dedicated file system on the disk, and more recently by using a hidden
TDL4 rootkit is coming back stronger than before
After some months since the last blog post about the TDL rootkit, we have to come back and write again about this nasty threat that is targetting both 32 bit and 64 bit versions of the Windows operating system, succesfully bypassing all the security countermeasures implemented in the 64 bit version of Windows that should prevent the loading of unsigned drivers and every kind of patch to the Window
リリース、障害情報などのサービスのお知らせ
最新の人気エントリーの配信
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
TDL4 - Purple Haze (Pihar) Variant - sample and analysis
TDL4 rebooted
Crooks rent out TDSS/TDL-4 botnet to the clueless
Virusexperts.org
TDSS:TDL-4 - Bootkit - 101 Approach - Part 1
TDL4 – Top Bot
Android Malware Eavesdrops on Users, Uses Google+ as Disguise
TDSS loader now got “legs”
TDL4: Beat-root with Confidence
The co-evolution of TDL4 to bypass the Windows OS Loader patch (KB2506014 )
Endpoint Protection - Symantec Enterprise
マカフィー株式会社 | McAfee Blog - 偽セキュリティソフト、再び拡大の恐れ
TDL3 Rookit Implicit Analysis (Part 2)