Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

MALWARE - New TDL4 Rootkit Variants SEP 2013

These new TDL rootkit variants capitalize on an exploit for CVE-2013-3660.

http://www.f-secure.com/weblog/archives/00002612.html

http://labs.bitdefender.com/2013/04/new-tdl-clones-in-the-wild/

QUOTE: Last year, ESET mentioned a TDL4 variant (some AV vendors refer to it as Pihar) that employs new techniques to bypass HIPS as well as to elevate a process's privileges to gain administrator access. The droppers of the variants we recently saw also use the same techniques mentioned in ESET's blog post, but with some minor updates. TDL4 exploits the MS10-092 vulnerability in Microsoft Windows' Task Scheduler service to elevate the malware's process privileges in order to load the rootkit driver. The new variants instead exploit the CVE-2013-3660 EPATHOBJ vulnerability discovered by security researcher Tavis Ormandy.
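Both privilege-escalation paths the quote describes (MS10-092 in the Task Scheduler service for the older TDL4 droppers, CVE-2013-3660 in win32k's EPATHOBJ handling for the new variants) are closed by Microsoft updates, so the first defensive check on a Windows host is whether those updates are present. The PowerShell script below is an added example, not code from this post, F-Secure or Bitdefender. The KB numbers in it are my mapping of MS10-092 and of MS13-053 (the July 2013 bulletin that addressed CVE-2013-3660) and should be verified against the Microsoft bulletins before the script is relied on.

```powershell
# Added example: report whether the updates that close the two elevation
# vulnerabilities used by TDL4 droppers are installed on this host.
# ASSUMPTION: the KB ids below are my mapping of MS10-092 and MS13-053;
# confirm them against the Microsoft security bulletins.
$Patches = @(
    @{ Bulletin = 'MS10-092'; KB = 'KB2305420'; Closes = 'Task Scheduler elevation (original TDL4)' },
    @{ Bulletin = 'MS13-053'; KB = 'KB2850851'; Closes = 'CVE-2013-3660 EPATHOBJ in win32k.sys (new variants)' }
)

function Test-KbInstalled {
    param([Parameter(Mandatory)][string]$Kb)
    # Get-HotFix reads Win32_QuickFixEngineering; it writes a non-terminating
    # error when the KB is absent, so silence that and test for any output.
    $hit = Get-HotFix -Id $Kb -ErrorAction SilentlyContinue
    return [bool]$hit
}

$report = foreach ($p in $Patches) {
    [pscustomobject]@{
        Bulletin  = $p.Bulletin
        KB        = $p.KB
        Closes    = $p.Closes
        Installed = Test-KbInstalled -Kb $p.KB
    }
}

$report | Format-Table -AutoSize

# Caveat: a later cumulative or rollup update can supersede these KBs without
# listing them, so "False" on a regularly patched host is not by itself proof of
# exposure. Confirm with the file versions of win32k.sys and the Task Scheduler
# binaries, or with a vulnerability scanner, before treating the host as unpatched.
```

Run it in an elevated PowerShell session; on a host where either row reports False, treat a missing MS13-053 as the more urgent gap, since that is the path the current droppers use to load the rootkit driver.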

FREE CLEANING TOOL: Bitdefender antimalware researchers have updated their free rootkit remover to deal with the latest TDL clones.