Here you also have a 101 Approach of the bootkit portion of the TDSS-4 Malware - Part 1. Hope you enjoy it.
http://danuxx.blogspot.com/2011/03/tdsstdl-4-bootkit-101-approach-part-1.html

On Wed, Apr 20, 2011 at 2:01 PM, Adam Behnke <[email protected]> wrote:
> Hello everyone,
>
> We have a new article series on x64 TDSS up at InfoSec Institute. The
> series discusses the first malware to reliably attack x64 operating systems
> such as Windows Vista and Windows 7. This technically advanced malware
> bypasses many protective measures in various operating systems and exploits
> the normal boot process.
>
> You can find the first article, in the series of three, here:
>
> http://resources.infosecinstitute.com/tdss4-part-1/
>
> In this research we focused on the most interesting and exceptional
> features of the Win32/Olmarik bootkit. Special attention was paid to the
> bootkit functionality which appeared in TDL4 and enabled it to begin its
> launch process before the OS is loaded, as well as its ability to load an
> unsigned kernel-mode driver — even on systems with kernel-mode code signing
> policy enabled — and bypassing kernel-mode patch protection mechanisms.
> These characteristics all make TDL4 a prominent player on the malware
> scene.
>
> Your thoughts?
>
> _______________________________________________
> Dailydave mailing list
> [email protected]
> https://lists.immunityinc.com/mailman/listinfo/dailydave

-- 
DanUx
