TDSS Rootkit boasts new DHCP server

Discussion in 'malware problems & news' started by Malcontent, Jun 3, 2011.

Thread Status:
Not open for further replies.
  1. Malcontent

    Malcontent Registered Member

    Joined:
    Dec 30, 2005
    Posts:
    451
    Location:
    Cleveland, Ohio USA
    http://www.theregister.co.uk/2011/06/03/tdss_self_propagation_powers/
     
    Last edited: Jun 3, 2011
  2. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,726
    Re: TDSS boasts new DHCP server

    Wow, it's getting even more advanced. Just cleaning your system won't be enough anymore.
     
  3. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,982
    Location:
    California
    Doesn't the article imply that you have to be on an already infected network?

    From another article:

    TDSS loader now got “legs”
    http://www.securelist.com/en/blog/208188095/TDSS_loader_now_got_legs

     
  4. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Is it possible to perform a silent update that wouldn't alert the user to the install?
    Is Java, Flash or Ajax involved at all?
     
  5. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,982
    Location:
    California
    One should have security in place to alert if something like that happens.

    I've simulated such exploits by using Adobe Acrobat and Javacheck updaters:


    adobeupdater.gif



    javaupdater.gif



    Actually, updaters shouldn't even get this far if you have a firewall that monitors outbound connections:


    javaupdateKerio.gif adobeupdaterKerio.gif



    Java, Flash, etc, exploits can be blocked from installing malware executables with security in place to prevent anything happening without user permission:


    [​IMG]


    regards,

    -rich
     
    Last edited: Jun 4, 2011
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.