Researchers Warn of Overhaul to TDL4 Rootkit


ESET security researchers say that TDL4 is being rewritten to give it improved resistance to anti-virus detection.

"'ESET researchers have been tracking the TDL4 botnet for a long time, and now we have noticed a new phase in its evolution,' announced David Harley, the company's director of malware intelligence," writes PCWorld's Lucian Constantin.

"[According] to ESET's researchers, changes are now being made to the way TDL4 infects systems and ensures its hold on them," Constantin continues. "Instead of storing components within the MBR [Master Boot Record], the new variants create a hidden partition at the end of the hard disk and set it as active."

"This ensures that malicious code stored on it, including a special boot loader, gets executed before the actual operating system, and that the MBR code checked by antivirus programs for unauthorized modifications remains untouched," Constantin writes.
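To make the detection gap concrete, here is an added Python example; it is not code from ESET, PCWorld or the original article. The page notes that the MBR boot code itself stays untouched, so an integrity check that only hashes those bytes passes. This script instead parses the 512-byte MBR partition table and flags the pattern the text describes: the active (bootable) flag sitting on a small partition at the very end of the disk rather than on the operating-system partition. The disk size, partition type ids and the tail-slack threshold are constructed sample values chosen for the demonstration, not TDL4 indicators.

```python
import struct
from dataclasses import dataclass
from typing import List, Tuple

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446        # four 16-byte entries follow the boot code
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511 of a valid MBR
ACTIVE_FLAG = 0x80             # status byte bit marking the bootable partition
TAIL_SLACK_SECTORS = 2048      # assumption: "ends at the disk tail" allows 1 MiB of alignment slack


@dataclass
class PartitionEntry:
    index: int
    active: bool
    type_id: int
    lba_start: int
    sector_count: int

    @property
    def lba_end(self) -> int:
        return self.lba_start + self.sector_count  # exclusive end LBA


def parse_mbr(sector: bytes) -> List[PartitionEntry]:
    """Decode the four primary partition entries of a classic MBR sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        status = sector[off]
        type_id = sector[off + 4]
        lba_start, sector_count = struct.unpack_from("<II", sector, off + 8)
        if type_id == 0:
            continue  # unused slot
        entries.append(PartitionEntry(i, bool(status & ACTIVE_FLAG), type_id, lba_start, sector_count))
    return entries


def audit_active_partition(entries: List[PartitionEntry], disk_sectors: int) -> List[str]:
    """Return findings for an active flag placed on a small trailing partition."""
    findings = []
    active = [e for e in entries if e.active]
    if len(active) != 1:
        findings.append(f"{len(active)} partitions flagged active (expected exactly 1)")
    if not entries:
        return findings
    largest = max(entries, key=lambda e: e.sector_count)
    last_start = max(e.lba_start for e in entries)
    for e in active:
        is_trailing = e.lba_start == last_start and disk_sectors - e.lba_end <= TAIL_SLACK_SECTORS
        if e is not largest and is_trailing:
            findings.append(
                f"entry {e.index}: small trailing partition (type 0x{e.type_id:02x}, "
                f"{e.sector_count} sectors at LBA {e.lba_start}) carries the active flag"
            )
    return findings


def build_mbr(parts: List[Tuple[bool, int, int, int]]) -> bytes:
    """Construct a sample MBR from (active, type_id, lba_start, sector_count) tuples."""
    sector = bytearray(SECTOR_SIZE)
    for i, (active, type_id, lba_start, sector_count) in enumerate(parts):
        off = PART_TABLE_OFFSET + 16 * i
        sector[off] = ACTIVE_FLAG if active else 0x00
        sector[off + 4] = type_id
        struct.pack_into("<II", sector, off + 8, lba_start, sector_count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed samples: a 20 GiB disk with one NTFS (0x07) partition.
DISK_SECTORS = 20 * 1024 * 1024 * 1024 // SECTOR_SIZE
CLEAN_MBR = build_mbr([(True, 0x07, 2048, DISK_SECTORS - 2048)])
# Same disk, but the OS partition lost its active flag and a small 4 MiB
# partition at the tail of the disk is the one marked bootable.
TAIL = 8192
TAMPERED_MBR = build_mbr([
    (False, 0x07, 2048, DISK_SECTORS - 2048 - TAIL),
    (True, 0x17, DISK_SECTORS - TAIL, TAIL),   # 0x17 (hidden NTFS) is an arbitrary sample type id
])

if __name__ == "__main__":
    for label, mbr in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(label, audit_active_partition(parse_mbr(mbr), DISK_SECTORS) or ["no findings"])
```

On a live system the same check reads sector 0 of the physical disk and takes the sector count from the device geometry; the point of the example is that the signal is in the partition table and active flag, which a code-only MBR hash never sees.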

Go to "World's Most Sophisticated Rootkit Is Being Overhauled" to read the details.

For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.