New malware research posted on Resources at InfoSec Institute

[Terrence Miltner <terrence.miltner () infosecinstitute com>]

The InfoSec Institute published an in-depth article on their Resources
website Tuesday about a prominent new player on the malware scene.
The series discusses the first malware to reliably attach x64
operating systems such as Windows Vista and Windows 7. This
technically advanced malware bypasses various protective measures in
various operation systems and exploits the normal boot process.
You can find the first article, in the series of three, here:
http://resources.infosecinstitute.com/tdss4-part-1/
In this research we focused on the most interesting and exceptional
features of the Win32/Olmarik bootkit. Special attention was paid to
the bootkit functionality which appeared in TDL4 and enabled it to
begin its launch process before the OS is loaded, as well as its
ability to load an unsigned kernel-mode driver — even on systems with
kernel-mode code signing policy enabled — and bypassing kernel-mode
patch protection mechanisms. These characteristics all make TDL4’s a
prominent player on the malware scene.
_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave