Sunday, 11 September 2011

The Next Step In TDL Development

A few days ago, Norman reported of this newest piece of crap released by the TDL4 guys. So far they have pwned infecting Windows file, pwned infecting the MBR, now they are after the BIOS.

This new infection boots itself when the BIOS is loaded and uses several new nasty techniques. They still infect the MBR with TDL4, but this new infection checks that the MBR infection is not damaged by malware removal tools, and if it is, will re-write the malicious code into the MBR. Symantec did an awesome write up on it, here.

I knew these guys were serious when we started seeing these dangerous MBR modifications by the infection but targeting the BIOS takes it to a whole new level.

But, lets look on the good side. A few days ago, Brian Krebs wrote this awesome article on tracking one person who might be involved with the upkeep of the TDSS botnet, the person was traced back to somewhere in Russia (why does Russia not suprise me?).

A day after Brian posted his findings on his blog, his site and his provider suffered a DDOS attacks, which took him and his site offline for a little while. Luckily his site wasn't down long and he got it back up and running fairly quickly, but it shows they are scared of being caught - to me the attack was in retaliation of his findings.

Shame DDOS attacks are useless nowadays - fair enough they knock the site offline for a while but no permenant damage was done to Brians site.

Keep up the awesome work Brian!

No comments:

Post a Comment