TDL4 Rootkit

By JubileeX in Rootkits

The TDSS Rootkit evolves constantly. PC security researchers have issued a warning against the newest variant of the TDSS Rootkit, the TDL4 Rootkit. This new version of the TDSS Rootkit first appeared in the summer of 2010 and has updated the TDSS Rootkit's methods to enable it to infect computers running 64-bit Windows operating systems. While these 64-bit operating systems offered protection against rootkits, criminals are constantly finding new ways to break these protections. It is particularly worrying that the technology behind the TDL4 Rootkit presents a prospect of future malware that is even more difficult to remove than present-day infections. Because of this, anti-malware technologies are now evolving to focus on preventing infection in the first place.

How Hackers Make Money Using the TDL4 Rootkit

Since early 2011, there has been a marked rise in malware threats capable of infecting 64-bit operating systems. As more people start using these operating systems, the hackers meet this new demand by releasing sophisticated malware, designed to infect these 64-bit platforms. The TDL4 Rootkit now gives hackers the ability to infect 64-bit operating systems, leading to the various criminal uses related to the TDSS family of rootkits. These include making money through malware and rogue security programs, blackmailing users with ransomware and integrating infected computers into large botnets. The TDL4 Rootkit has been associated with a large number of infected computers in the United States, which are particularly lucrative for cybercriminals. Computers in a TDL4 botnet are typically sold or rented to criminal organizations for use in DDoS attacks and sending spam emails.

Removal of the TDL4 Rootkit

Rootkits in the TDSS family, like the TDL4 Rootkit, are difficult to remove. This is because these rootkits infect a computer system at a very deep level, directly corrupting the computer's drivers. Because of this, PC security researchers recommend using a specialized tool to remove the TDL4 Rootkit. Most importantly, this kind of harmful infection does not come alone. The TDL4 Rootkit is often used in conjunction with Trojans or other kinds of malware. If you have recently removed a malware application from your computer (e.g. adware, Trojans, spyware, worms, or rogue security programs), PC security researchers strongly advise searching for a possible TDL4 Rootkit infection. Computers with a 64-bit Windows operating system are especially vulnerable to the TDL4 Rootkit, as it has been specifically engineered to infect these kinds of systems.

File System Details

TDL4 Rootkit may create the following file(s):
1. C:\WINDOWS\SYSTEM32\4DW4R3[RANDOM CHARACTERS].dll
2. C:\WINDOWS\system32\drivers\UAC[RANDOM CHARACTERS].sys
3. C:\WINDOWS\SYSTEM32\DRIVERS\4DW4R3[RANDOM CHARACTERS].sys
4. C:\WINDOWS\SYSTEM32\4DW4R3c.dll
5. C:\WINDOWS\system32\_VOID[RANDOM CHARACTERS].dll
6. C:\WINDOWS\SYSTEM32\DRIVERS\4DW4R3.sys
7. C:\Documents and Settings\\Application Data\_VOIDmainqt.dll
8. C:\WINDOWS\system32\uacinit.dll
9. C:\WINDOWS\system32\UAC[RANDOM CHARACTERS].dll
10. C:\WINDOWS\system32\drivers\_VOID[RANDOM CHARACTERS].sys
11. C:\WINDOWS\_VOID[RANDOM CHARACTERS]\_VOIDd.sys
12. C:\WINDOWS\system32\UAC[RANDOM CHARACTERS].dat
13. C:\WINDOWS\_VOID[RANDOM CHARACTERS]\
14. %Temp%\UAC[RANDOM CHARACTERS].tmp
15. C:\WINDOWS\SYSTEM32\4DW4R3sv.dat
16. C:\WINDOWS\system32\_VOID[RANDOM CHARACTERS].dat
17. C:\WINDOWS\Temp\_VOID[RANDOM CHARACTERS]tmp
18. C:\WINDOWS\system32\uactmp.db
19. C:\WINDOWS\system32\UAC[RANDOM CHARACTERS].db
20. C:\WINDOWS\Temp\UAC[RANDOM CHARACTERS].tmp
21. %Temp%\_VOID[RANDOM CHARACTERS].tmp

Registry Details

TDL4 Rootkit may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\4DW4R3
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_VOID[RANDOM CHARACTERS]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_VOIDd.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UACd.sys
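As an added defender-side example (not part of the original page and not a vendor tool), the following Python turns the file and registry indicators listed above into case-insensitive patterns and runs them over a constructed listing of paths and service keys. Three readings are assumptions: the page's "[RANDOM CHARACTERS]" placeholder is taken as one run of characters inside a single path component, "%Temp%" as whatever directory that variable expands to, and the elided user name in the "Documents and Settings" entry as one path component. The sample paths and keys are constructed for the demonstration.

```python
import re

# Indicators exactly as listed on the page. "[RANDOM CHARACTERS]" is the page's
# own placeholder for a variable run of characters in a file or key name.
FILE_IOCS = r"""
C:\WINDOWS\SYSTEM32\4DW4R3[RANDOM CHARACTERS].dll
C:\WINDOWS\system32\drivers\UAC[RANDOM CHARACTERS].sys
C:\WINDOWS\SYSTEM32\DRIVERS\4DW4R3[RANDOM CHARACTERS].sys
C:\WINDOWS\SYSTEM32\4DW4R3c.dll
C:\WINDOWS\system32\_VOID[RANDOM CHARACTERS].dll
C:\WINDOWS\SYSTEM32\DRIVERS\4DW4R3.sys
C:\Documents and Settings\\Application Data\_VOIDmainqt.dll
C:\WINDOWS\system32\uacinit.dll
C:\WINDOWS\system32\UAC[RANDOM CHARACTERS].dll
C:\WINDOWS\system32\drivers\_VOID[RANDOM CHARACTERS].sys
C:\WINDOWS\_VOID[RANDOM CHARACTERS]\_VOIDd.sys
C:\WINDOWS\system32\UAC[RANDOM CHARACTERS].dat
C:\WINDOWS\_VOID[RANDOM CHARACTERS]\
%Temp%\UAC[RANDOM CHARACTERS].tmp
C:\WINDOWS\SYSTEM32\4DW4R3sv.dat
C:\WINDOWS\system32\_VOID[RANDOM CHARACTERS].dat
C:\WINDOWS\Temp\_VOID[RANDOM CHARACTERS]tmp
C:\WINDOWS\system32\uactmp.db
C:\WINDOWS\system32\UAC[RANDOM CHARACTERS].db
C:\WINDOWS\Temp\UAC[RANDOM CHARACTERS].tmp
%Temp%\_VOID[RANDOM CHARACTERS].tmp
""".strip().splitlines()

REGISTRY_IOCS = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\4DW4R3
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_VOID[RANDOM CHARACTERS]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_VOIDd.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UACd.sys
""".strip().splitlines()

# Placeholders that need a wildcard instead of a literal match. The "\\" case is
# the elided user name in the Documents and Settings entry (assumption).
_TOKEN = re.compile(r"\[RANDOM CHARACTERS\]|%Temp%|\\\\")


def ioc_to_regex(ioc: str) -> re.Pattern:
    """Compile one page-style indicator into a case-insensitive full-match regex."""
    parts, pos = [], 0
    for m in _TOKEN.finditer(ioc):
        parts.append(re.escape(ioc[pos:m.start()]))
        tok = m.group(0)
        if tok == "[RANDOM CHARACTERS]":
            parts.append(r"[^\\]+")        # variable run within one path component
        elif tok == "%Temp%":
            parts.append(r".+")            # whatever the Temp variable expands to
        else:
            parts.append(r"\\[^\\]+\\")    # "\\": one path component for the user name
        pos = m.end()
    parts.append(re.escape(ioc[pos:]))
    # Windows paths and key names are case-insensitive; the page mixes cases freely.
    return re.compile("".join(parts), re.IGNORECASE)


def scan(lines, iocs):
    """Return {line: [matching indicator, ...]} for every line matching at least one IoC."""
    compiled = [(ioc, ioc_to_regex(ioc)) for ioc in iocs]
    hits = {}
    for line in lines:
        matched = [ioc for ioc, rx in compiled if rx.fullmatch(line.strip())]
        if matched:
            hits[line] = matched
    return hits


# Constructed sample input: one benign driver mixed in with names shaped like the IoCs.
SAMPLE_FILE_LISTING = [
    r"C:\WINDOWS\system32\drivers\UACqtrxz.sys",
    r"C:\WINDOWS\SYSTEM32\4DW4R3c.dll",
    r"C:\Users\analyst\AppData\Local\Temp\UACab12.tmp",
    r"C:\WINDOWS\system32\drivers\usbhub.sys",
    r"C:\WINDOWS\system32\uacinit.dll",
]
SAMPLE_REGISTRY_KEYS = [
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_VOIDxk9",
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip",
]

if __name__ == "__main__":
    for path, patterns in scan(SAMPLE_FILE_LISTING, FILE_IOCS).items():
        print(f"file hit:     {path}  <- {patterns[0]}")
    for key, patterns in scan(SAMPLE_REGISTRY_KEYS, REGISTRY_IOCS).items():
        print(f"registry hit: {key}  <- {patterns[0]}")
```

In practice the input would be a saved listing of full paths and of the service key names under HKLM\SYSTEM\CurrentControlSet\Services, one per line. Prefix-only indicators such as UAC[RANDOM CHARACTERS].dll are loose by construction and will also match benign names that happen to start with "UAC", so treat a hit as a lead to confirm rather than a verdict; and because the rootkit sits at driver level, an inventory of names like this supplements, rather than replaces, the specialized removal tool the page recommends.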

1 Comment

I've learned some excellent stuff here. Certainly worth bookmarking for revisiting. I'm surprised how much effort you put into creating this sort of fantastic, informative website.
