- Mar 15, 2011
Recently my colleagues and I have been analyzing TDL4, a variant of the well-known malware family TDSS. TDSS, as we know, is an advanced malware that evades detection by going back to where we stopped looking long ago: the boot sector. Back in the 16-bit DOS days, boot viruses spread from disk to disk, wreaking havoc on our computers, until 32-bit Windows came along and made those viruses obsolete. But the boot sector as a malware container is making a comeback, and bootkits such as TDSS are at the forefront.
Malware writers have figured out that the boot sector is a good way to circumvent detection. Code in the master boot record runs before the operating system kernel and before any antivirus driver has been loaded, so it can tamper with the boot process before those protections are active. A lot of antivirus software no longer checks the boot sector as rigorously as it did in the past, and running that early also gives the malware a way around Microsoft's own security settings.
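A practical first check for the kind of tampering described above is to read sector 0 and compare its boot code against a hash recorded from a known-clean machine, while also sanity-checking the partition table. The following is an added example written for this post, not code from the original article or from any TDSS analysis tool; the 512-byte MBR images, the boot-code bytes and the disk geometry are constructed here, and the "baseline" hash is an assumption standing in for one you would record from a clean system.

```python
"""Parse a legacy 512-byte MBR and compare its boot code against a baseline.

Added example (not from the original post). All sample data below is
constructed; CLEAN_BASELINE stands in for a hash recorded from a clean host.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_SIZE = 440          # x86 boot code occupies bytes 0..439
DISK_SIG_OFFSET = 440         # 4-byte Windows disk signature, then 2 reserved bytes
PART_TABLE_OFFSET = 446       # four 16-byte partition entries
PART_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511


def parse_partition_entry(raw: bytes) -> dict:
    """Decode one 16-byte little-endian partition entry."""
    status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack("<B3sB3sII", raw)
    return {"status": status, "type": ptype, "lba_start": lba_start, "sectors": sectors}


def parse_mbr(mbr: bytes) -> dict:
    """Split an MBR image into boot-code hash, disk signature and partition table."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        start = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        entries.append(parse_partition_entry(mbr[start:start + PART_ENTRY_SIZE]))
    return {
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_SIZE]).hexdigest(),
        "disk_signature": struct.unpack("<I", mbr[DISK_SIG_OFFSET:DISK_SIG_OFFSET + 4])[0],
        "partitions": entries,
    }


def check_mbr(mbr: bytes, baseline_boot_code_sha256: str, disk_sectors: int) -> list:
    """Return a list of findings; an empty list means nothing looked wrong."""
    findings = []
    info = parse_mbr(mbr)
    if info["boot_code_sha256"] != baseline_boot_code_sha256:
        findings.append("boot code does not match the recorded baseline")
    used = [p for p in info["partitions"] if p["type"] != 0x00]
    for idx, p in enumerate(used):
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {idx}: invalid status byte 0x{p['status']:02x}")
        if p["sectors"] == 0 or p["lba_start"] + p["sectors"] > disk_sectors:
            findings.append(f"partition {idx}: extends beyond the disk")
    active = [p for p in used if p["status"] == 0x80]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    ranges = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in used)
    for (_s1, e1), (s2, _e2) in zip(ranges, ranges[1:]):
        if s2 < e1:
            findings.append("overlapping partitions")
    return findings


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed MBR: one active NTFS-type partition starting at LBA 2048."""
    assert len(boot_code) == BOOT_CODE_SIZE
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
    table = entry + b"\x00" * (3 * PART_ENTRY_SIZE)
    return boot_code + struct.pack("<I", 0x1234ABCD) + b"\x00\x00" + table + BOOT_SIGNATURE


# Constructed stand-ins: a "clean" boot-code region and one whose first two
# bytes were overwritten with a short jump, as a bootkit would patch it.
CLEAN_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (BOOT_CODE_SIZE - 7)
TAMPERED_BOOT_CODE = b"\xeb\x3c" + CLEAN_BOOT_CODE[2:]
CLEAN_BASELINE = hashlib.sha256(CLEAN_BOOT_CODE).hexdigest()  # assumed recorded earlier
DISK_SECTORS = 209715200  # constructed 100 GiB disk in 512-byte sectors

if __name__ == "__main__":
    for label, code in (("clean", CLEAN_BOOT_CODE), ("tampered", TAMPERED_BOOT_CODE)):
        print(label, check_mbr(build_sample_mbr(code), CLEAN_BASELINE, DISK_SECTORS))
```

One caveat: a bootkit that is already running can filter reads of sector 0 and hand back the original contents, so the image fed to `check_mbr` should come from the disk attached to a clean system or booted from trusted media, not from the suspect machine's own live disk read.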