NEWS - October 09, 2012
by Carol~ - 10/9/12 7:48 AM
New TDL4 rootkit successfully hiding from AV
A new variant of TDL4 has been identified, and it is now ranked as the second most prevalent malware strain within two months of detection.
The characteristics are similar to the iteration of the TDL4 rootkit, detected by Damballa a month ago. Damballa picked it up through its network behavioural analysis software, which detected the generated domain names that this new TDL4 variant apparently uses for command-and-control communication.
Since Damballa could only determine the existence of the new malware by looking for domain fluxing, it was concluded that no binary samples of the new malware had been identified and categorised by commercial antivirus products operating at the host or network levels.
HitmanPro, however, has detected Sst.c, also known as Maxss, a modification of the TDL4 strain, and it is spreading fast.
Continued: http://www.net-security.org/malware_news.php?id=2288
New Variant of TDL4 Buries Itself Deep into the Hard-Drive to Evade Detection
New TDL4 strain very successful in hiding from AV