The Evolution of TDL: Conquering x64

gambla · Feb 21, 2013

Hi,
i stumbled on this very good article of 2011 (?). I wonder how to detect and counter the self-defense mechanisms ?

Could this probably be done only offline using a linux rescue-cd ?

Is such a hidden file system detectable at all ?

Rmus · Feb 21, 2013

gambla said:

Hi,
i stumbled on this very good article of 2011 (?).
Click to expand...

Does the article describe how the user gets infected with TDL?

----
rich

gambla · Feb 21, 2013

As far as i remember, it doesn't. Using a proper setup and experience, the dropper should be no problem for us, as well as any signs of the payloads malicious activities. But all i'm interested in is such a worst case scenario.

BoerenkoolMetWorst · Feb 21, 2013

gambla said:

As far as i remember, it doesn't. Using a proper setup and experience, the dropper should be no problem for us, as well as any signs of the payloads malicious activities. But all i'm interested in is such a worst case scenario.
Click to expand...

I remember that HitmanPro had added detection for such a hidden file system through miniport driver hooking back then, I found a blog about it with more explanation:
http://hitmanpro.wordpress.com/2011/06/16/cloud-assisted-miniport-hook-bypass/

gambla · Feb 21, 2013

thanks mate...

Log in or Sign up

The Evolution of TDL: Conquering x64

gambla Registered Member

Attached Files:

Unbenannt.JPG

Rmus Exploit Analyst

gambla Registered Member

BoerenkoolMetWorst Registered Member

gambla Registered Member

Log in or Sign up

The Evolution of TDL: Conquering x64

gambla Registered Member

Attached Files:

Unbenannt.JPG

Rmus Exploit Analyst

gambla Registered Member

BoerenkoolMetWorst Registered Member

gambla Registered Member

Useful Searches