TDI - a new element in old TDSS story
Jump to navigation
Jump to search
(Publication) Google search: [1]
| TDI - a new element in old TDSS story | |
|---|---|
| Botnet | TDSS |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2012 / 2012-10-08 |
| Editor/Conference | Artem I. Baranov |
| Link | http://artemonsecurity.blogspot.fr/2012/10/tdi-new-element-in-old-tdss-story.html artemonsecurity.blogspot.fr (artemonsecurity.blogspot.fr Archive copy) |
| Author | Artem I. Baranov |
| Type | |
Abstract
“ Later, in September and October, Damballa and SurfRight respectively also confirm that new modification of tdss was observed.
http://hitmanpro.wordpress.com/2012/10/07/new-tdl4-strain-very-successful-in-hiding-from-av/ https://www.damballa.com/press/2012_09_17bPR.php
A few words about dropper. It contains: - obfuscated code with trash instructions; - anti-emu features; - checking debug from huge number of functions; - calling key functions via stack modification for hiding code flow.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR1181,
editor = {Artem I. Baranov},
author = {Artem I. Baranov},
title = {TDI - a new element in old TDSS story},
date = {08},
month = Oct,
year = {2012},
howpublished = {\url{http://artemonsecurity.blogspot.fr/2012/10/tdi-new-element-in-old-tdss-story.html artemonsecurity.blogspot.fr}},
}