»www.prevx.com/blog/172/T ··· ore.html ".. TDL4 authors didn't wait too long and just released an update to their TDL4 rootkit code, making a number of important changes that are able to bypass the patch issued by Microsoft and a number of TDL rootkit scanners available online. Looks like this new TDL4 dropper is still in the development stage because there are some bugs in the dropper code. .."
for... things that go bump in the night.... have a hammer ready
Seriously though, as they are clever, we need to be cleverer.
Cudni -- "what we know we know the same, what we don't know, we don't know it differently." Help yourself so God can help you. Microsoft MVP, 2006 - 2011/12
64bit security didn't last long as in this case! Thanks Cudni!
successfully bypassing all the security countermeasures implemented in the 64-bit version of Windows that should prevent the loading of unsigned drivers and every kind of patch to the Windows kernel.
TH -- Triple Helix - VIP Member Of ASAP - (Alliance of Security Analysis Professionals) - Official Prevx Support Forum Helper!
Looks like another round of TDL4 gearing up. It looked like development had stalled for a while. Bypasses Microsoft patch. New 32 and 64 bit versions. Buggy but I am sure they will fix it for us.
In the game of cat and mouse, the cat always has the advantage, as all they have to do is react, so malware authors always have the advantage. The game goes on. Sometimes I think of it like the battle between Jack Sparrow and Captain Barbossa (and might I say Geoffrey Rush is magnificent as Captain Barbossa):
Barbossa: So what now, Jack Sparrow? Are we to be two immortals locked in an epic battle until Judgment Day and trumpets sound?