markvirussearch wrote: Can someone post a dump of an MBR infected by TDL4?
http://www.kernelmode.info/forum/viewto ... 8792#p8792
multiple attached in this thread
Ring0 - the source of inspiration
A forum for reverse engineering, OS internals and malware analysis
AaLl86 wrote: Hi All!
Actually, this is not original TDL4, it's a modification - MaxSS (Trojan:Win32/Alureon.FE). Sample can be found in the "TDL Modifications" branch, see http://www.kernelmode.info/forum/viewto ... 8758#p8758.
As many of you know, TDL4 has now evolved. Now it installs a hidden partition without touching the MBR code.
Try to check this article: http://blog.eset.com/2011/10/18/tdl4-rebooted.
I would like to ask if somebody can post here the new dropper.
Thank you all very much.
Andrea
rkhunter wrote: Actually, this is not original TDL4, it's a modification - MaxSS (Trojan:Win32/Alureon.FE). Sample can be found in the "TDL Modifications" branch, see http://www.kernelmode.info/forum/viewto ... 8758#p8758.
Thank you very much rkhunter!
NarfBang wrote: Anyone know if TDL-4 is still being actively developed? Anyone have a recent release? I just haven't seen it showing up anywhere.
Look at the ESET article http://blog.eset.com/2011/10/18/tdl4-rebooted and
shreyas wrote: Sorry! But that TDL4 is 2 days old....
Oh, really?
MD5: 56bb50af9f67fd6efc16728fbea2c529
http://www.virustotal.com/file-scan/rep ... 1320039266
Date first seen: 2011-10-10 16:36:08 (UTC)
Date last seen: 2011-10-30 20:46:39 (UTC)
Detection ratio: 38/42