TDI - a new element in old TDSS story
(Publication)
TDI - a new element in old TDSS story | |
---|---|
Botnet | TDSS |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2012 / 2012-10-08 |
Editor/Conference | Artem I. Baranov |
Link | http://artemonsecurity.blogspot.fr/2012/10/tdi-new-element-in-old-tdss-story.html (artemonsecurity.blogspot.fr; archive copy) |
Author | Artem I. Baranov |
Type | |
Abstract
“Later, in September and October, Damballa and SurfRight respectively also confirmed that a new modification of TDSS was observed.
http://hitmanpro.wordpress.com/2012/10/07/new-tdl4-strain-very-successful-in-hiding-from-av/ https://www.damballa.com/press/2012_09_17bPR.php
A few words about the dropper. It contains:
- obfuscated code with trash instructions;
- anti-emu features;
- checking debug from a huge number of functions;
- calling key functions via stack modification for hiding code flow.”
Bibtex
@misc{2012BFR1181,
  editor = {Artem I. Baranov},
  author = {Artem I. Baranov},
  title = {TDI - a new element in old TDSS story},
  date = {08},
  month = Oct,
  year = {2012},
  howpublished = {\url{http://artemonsecurity.blogspot.fr/2012/10/tdi-new-element-in-old-tdss-story.html}},
}