ESET security researchers say that TDL4 is being rewritten to give it improved resistance to anti-virus detection.
"'ESET researchers have been tracking the TDL4 botnet for a long time, and now we have noticed a new phase in its evolution,' announced David Harley, the company's director of malware intelligence," writes PCWorld's Lucian Constantin.
"[According] to ESET's researchers, changes are now being made to the way TDL4 infects systems and ensures its hold on them," writes PCWorld's Lucian Constantin. "Instead of storing components within the MBR [Master Boot Record], the new variants create a hidden partition at the end of the hard disk and set it as active."
"This ensures that malicious code stored on it, including a special boot loader, gets executed before the actual operating system, and that the MBR code checked by antivirus programs for unauthorized modifications remains untouched," Constantin writes.https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=i
Go to "World's Most Sophisticated Rootkit Is Being Overhauled" to read the details.
For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.