TDSS Rootkit boasts new DHCP server

Discussion in 'malware problems & news' started by Malcontent, Jun 3, 2011.

Thread Status:
Not open for further replies.
  1. Malcontent

    Malcontent Registered Member

    Joined:
    Dec 30, 2005
    Posts:
    451
    Location:
    Cleveland, Ohio USA
    http://www.theregister.co.uk/2011/06/03/tdss_self_propagation_powers/
     
    Last edited: Jun 3, 2011
  2. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Re: TDSS boasts new DHCP server

    Wow, it's getting even more advanced. Just cleaning your system won't be enough anymore.
     
  3. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Doesn't the article imply that you have to be on an already infected network?

    From another article:

    TDSS loader now got “legs”
    http://www.securelist.com/en/blog/208188095/TDSS_loader_now_got_legs

     
  4. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Is it possible to perform a silent update that wouldn't alert the user to the install?
    Is Java, Flash or Ajax involved at all?
     
  5. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    One should have security in place to alert if something like that happens.

    I've simulated such exploits by using Adobe Acrobat and Javacheck updaters:


    adobeupdater.gif



    javaupdater.gif



    Actually, updaters shouldn't even get this far if you have a firewall that monitors outbound connections:

    [screenshots: javaupdateKerio.gif, adobeupdaterKerio.gif]


    Java, Flash, etc., exploits can be blocked from installing malware executables with security in place to prevent anything happening without user permission:

    regards,

    -rich
     
    Last edited: Jun 4, 2011
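An added defender-side check, not code from the thread or from the linked articles: given a constructed log of DHCP OFFERs seen on a LAN (the line format is an assumption), flag any offer that comes from a server other than the known one or that hands out a DNS address outside the trusted range, which is the footprint a rogue DHCP server like the one in the title leaves on the wire.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample lines (not from the thread): one line per DHCP OFFER
# observed on the LAN, as a simple monitor might log them.  The format is
# an assumption made for this example.
SAMPLE_LOG = """\
2011-06-03 10:01:12 OFFER server=192.168.1.1 client=192.168.1.50 dns=192.168.1.1
2011-06-03 10:01:13 OFFER server=192.168.1.77 client=192.168.1.50 dns=203.0.113.9
2011-06-03 10:02:40 OFFER server=192.168.1.1 client=192.168.1.51 dns=192.168.1.1
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) OFFER server=(?P<server>\S+) "
    r"client=(?P<client>\S+) dns=(?P<dns>\S+)$"
)


def find_rogue_offers(log_text, trusted_servers, trusted_dns_nets):
    """Return one finding per OFFER that comes from an unknown DHCP server or
    that assigns a DNS server outside the trusted networks.  Both signals
    matter: a rogue server on the LAN typically also points clients at DNS it
    controls, which is what lets it inject fake "update" pages later."""
    trusted = {ip_address(s) for s in trusted_servers}
    nets = [ip_network(n) for n in trusted_dns_nets]
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an OFFER record; ignore
        server, dns = ip_address(m["server"]), ip_address(m["dns"])
        reasons = []
        if server not in trusted:
            reasons.append("unknown DHCP server")
        if not any(dns in n for n in nets):
            reasons.append("DNS outside trusted range")
        if reasons:
            findings.append({"ts": m["ts"], "server": str(server),
                             "client": m["client"], "dns": str(dns),
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_rogue_offers(SAMPLE_LOG, ["192.168.1.1"], ["192.168.1.0/24"]):
        print(f)
```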