Ring0 - the source of inspiration
A forum for reverse engineering, OS internals and malware analysis
zaafar wrote: Thanks for the reply.
No, but they are insignificant and not interesting.
What about its successors (MAXSS/Pihar), are they dead too?
EP_X0FF wrote: Try to do your analysis after a few years. Hint: it is dead.
What do you mean TDL4 is dead, and why?

Needo wrote: Call 1-800-TDSS, they explain you everything as well as where in this forum the "Search" button is located.
EP_X0FF wrote: Try to do your analysis after a few years. Hint: it is dead.
What do you mean TDL4 is dead, and why?

EP_X0FF wrote: Looks like I do have missed the funeral, but I searched Google and the kernelmode.info forum... and I couldn't find any "how did it happen" topics/posts/articles.
Needo wrote: Call 1-800-TDSS, they explain you everything as well as where in this forum the "Search" button is located.
EP_X0FF wrote: Try to do your analysis after a few years. Hint: it is dead.
What do you mean TDL4 is dead, and why?
TeamRocketOps wrote: @Needo
I believe the information you are looking for is "Operation Ghost Click". Here is a link to the FBI page:
http://www.fbi.gov/news/stories/2011/no ... re_110911/
This swap tells Windows to load itself in WinPE mode, thus disabling the driver signing checks and allowing unsigned drivers to be loaded in kernel mode.
Have we seen something similar, if not the same? Let me remind you: