It's now known that the cyber-criminal team behind the TDSS (also known as TDL4 or Alureon) operation has developed the tool for more than personal motives.
TDSS is not only one of the most important bots at the moment in terms of infection count, but also one of the most sophisticated. It has a hidden partition on the infected machine that hosts the code to subvert the OS before it starts, it can infect both 32- and 64-bit versions of Windows 7 and comes with a peer-to-peer communication model between the infected client and the C&C server.
Its complexity and efficiency have made TDSS extremely popular in the cyber underworld. Many current malicious operations are “powered by”clones of TDSS/TDL4 which now appears to be sold as a service.
The increasing number of infections with TDSS variants such as Pihar.A, Pihar.B, Sst.A and Sst.B (MAXSS) prompted us to update the removal tool we published in August. The new tool is able to detect and clean infections with all known clones of TDSS and can be downloaded for free from the Downloads Page of Malware City.
via
MalwareCity