TDSS: the malignant ‘heart’ of cyber crime

Antivirus champion Kaspersky Lab describes the TDSS malware as the ‘most powerful and complex rootkit to date’. It infects drivers, which ensures that it will be launched almost immediately the operating system is started. Consequently, it is extremely difficult to detect and remove this rootkit. TDSS is spread via an affiliate program: affiliates earn money according to the number of computers they infect; the highest payment is made for machines located in the US. Botnets managed using TDSS, and consisting of approx. 20,000 infected machines, are sold on the black market. The botnets’ command and control centers are located in China, Luxembourg, Hong Kong, Holland, and Russia, Kaspersky Lab reports: it estimates that around 3 million computers have been infected by the rootkit. Check-out this excellent and accessible article by Kaspersky Lab boffins Sergey Golovanov and Vyacheslav Rusakov, that looks at the technologies implemented in TDSS, the way in which the rootkit spreads, and how cyber criminals profit from this malware, that provides an engaging insight into how this pesky code inveigles its way onto our unsuspecting PCs.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s