A forum for reverse engineering, OS internals and malware analysis 

 #2364  by EP_X0FF
 Thu Aug 26, 2010 3:28 pm
Which looks like a short retelling of several pages of this topic :)

However, since they were the first AV to post it, they get the PR :)
and we get a signature and a detection/removal method :)))
 #2366  by EP_X0FF
 Thu Aug 26, 2010 4:39 pm
They were in such a hurry that they created a nonexistent TDL LOL
Even the rootkit build version changed from 3.2723
while it is
[main]
version=3.273
Hurry up, PR division!! Somebody posted in that thread; it's time to post a new "article"! Let's copy-paste this thread into Word.
ROFL
 #2367  by USForce
 Thu Aug 26, 2010 5:03 pm
Guys, it's clearly a writing error :) I am the first to harshly criticize Prevx when needed, but this time it's only a mistake :)
Well, the last version of TDL3 was released months ago and documented as build 3.273
Even the rootkit build version changed from 3.2723 to 0.02
I don't see a reason to go against Prevx. If not Prevx, it would have been Kaspersky, or Dr.Web, or Symantec ;)

(BTW, really easy to detect and fix this variant :geek: )
 #2368  by sww
 Thu Aug 26, 2010 5:37 pm
USForce wrote:I don't see a reason to go against Prevx. If not Prevx, it would have been Kaspersky, or Dr.Web, or Symantec ;)
Nope, we will write an analysis paper (maybe), but not one like PrevX's.
 #2369  by a_d_13
 Thu Aug 26, 2010 5:38 pm
USForce wrote:Guys, it's clearly a writing error :) I am the first to harshly criticize Prevx when needed, but this time it's only a mistake :)
Well, the last version of TDL3 was released months ago and documented as build 3.273
Even the rootkit build version changed from 3.2723 to 0.02
I don't see a reason to go against Prevx. If not Prevx, it would have been Kaspersky, or Dr.Web, or Symantec ;)

(BTW, really easy to detect and fix this variant :geek: )
Yes, I think this is just a simple typing error - nothing to worry about :P

Thanks,
--AD

EDIT:
sww wrote:Nope, we will write an analysis paper...
Looking forward to seeing it ;)
 #2373  by cjbi
 Thu Aug 26, 2010 7:15 pm
Brief dynamic analysis of Fabian Wosar's TDL3 dropper.
Need redaction? :?:
Attachment: TDL3x64.jpg
 #2374  by EP_X0FF
 Thu Aug 26, 2010 7:23 pm
One message was corrected and one removed because of forum rules.
Please don't use inappropriate language on the forums.
PX5, sww

Come on guys, let's be more friendly :)

PX5, at least we need to say thank you for the samples you posted earlier.