Dailydave mailing list archives
Re: Reversing x64 TDSS at InfoSec Institute
From: NeZa <neza0x () gmail com>
Date: Fri, 1 Jul 2011 16:18:19 -0500
Here you also have a 101 Approach of the bootkit portion of the TDSS-4 Malware - Part 1. Hope you enjoy it. http://danuxx.blogspot.com/2011/03/tdsstdl-4-bootkit-101-approach-part-1.html On Wed, Apr 20, 2011 at 2:01 PM, Adam Behnke <adam () infosecinstitute com>wrote:
Hello everyone,**** ** ** We have a new article series on x64 TDSS up at InfoSec Institute. The series discusses the first malware to reliably attach x64 operating systems such as Windows Vista and Windows 7. This technically advanced malware bypasses many protective measures in various operation systems and exploits the normal boot process.**** ** ** You can find the first article, in the series of three, here:**** ** ** http://resources.infosecinstitute.com/tdss4-part-1/**** ** ** In this research we focused on the most interesting and exceptional features of the Win32/Olmarik bootkit. Special attention was paid to the bootkit functionality which appeared in TDL4 and enabled it to begin its launch process before the OS is loaded, as well as its ability to load an unsigned kernel-mode driver — even on systems with kernel-mode code signing policy enabled — and bypassing kernel-mode patch protection mechanisms. These characteristics all make TDL4’s a prominent player on the malware scene.**** ** ** Your thoughts?**** ** ** ** ** _______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
-- DanUx ---------------
_______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- Re: Reversing x64 TDSS at InfoSec Institute NeZa (Jul 01)