Sunday, June 5, 2011
TDSS rootkit updated with self-propagation component
The TDSS rootkit exists in several distinct versions and many variants, and it is one of the most sophisticated pieces of malware around. Its fourth version, TDL4, is capable of successfully infecting 64-bit versions of Windows Vista and 7. It is also able to infect the master boot record (MBR). These capabilities let the malware run malicious instructions before any antivirus program has a chance to kick in.
According to security researchers from Kaspersky Lab, TDSS just became even more dangerous, because now it is able to spread itself. The company's malware analysts have noticed that new variants of TDSS drop a component specifically designed to infect other computers.
Kaspersky has named this component Net-Worm.Win32.Rorpian and points out that it uses two propagation methods. One is a traditional USB infection routine, where any removable storage device plugged into the computer's USB ports is rigged with malware.