
Rootkit TDSS.d

By Sumo3000 in Rootkits

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 2
First Seen: August 23, 2011
Last Seen: June 3, 2021
OS(es) Affected: Windows

Rootkit TDSS.d is a variant of the TDSS Rootkit, a malware infection that has been invading computers since 2008, when it was first detected. Variants of the TDSS Rootkit evolve constantly, making them difficult to detect and eradicate. The main difficulty in removing Rootkit TDSS.d is that it can infect drivers, placing the infection at a very deep level of the computer system, often loading before the operating system itself. ESG PC security researchers recommend seeking out a specialized rootkit removal tool when dealing with a Rootkit TDSS.d infection.

The History of Rootkit TDSS.d and Its Variants

Early versions of Rootkit TDSS.d were designed to infect the clbdriver.sys driver and its associated DLL file. All variants of the TDSS Rootkit retain these parts of the original infection. A characteristic unique to the TDSS rootkit family is that all of its members display a similar error, "STATUS_TOO_MANY_SECRETS", as part of their self-protection mechanisms. Rootkit TDSS.d is encrypted, which makes it very difficult to analyze. One aspect of this encryption that makes Rootkit TDSS.d especially hard to decipher is that its creators interspersed segments of Shakespeare's Hamlet in the code to confuse PC security analysts further. Rootkit TDSS.d is a classic example of the constant arms race between hackers and PC security experts. Newer generations of the TDSS Rootkit are especially difficult to deal with because of the constant updates released for this malignant infection. Whenever PC security researchers find a solution for a new variant of Rootkit TDSS.d, the hackers behind it release a new version that bypasses the newest solution. While anti-malware technology advances constantly, those advances are met by similar progress on the part of the criminals who create these kinds of infections.

How Hackers Profit From Rootkit TDSS.d

Rootkit TDSS.d is used to spread Trojans and rogue security programs. It is also used to protect other malware from detection. Rootkit TDSS.d is associated with some of the largest botnets, which can be made up of thousands of infected computers. Hackers can use these botnets themselves or rent them out to other criminals. Rootkit TDSS.d is thought to originate in the Russian Federation, and the botnets associated with Rootkit TDSS.d infections are also thought to be controlled from that country. Hackers profit from Rootkit TDSS.d by using it as part of infections designed to take control of infected computers and use them to send out spam emails or perform DDoS attacks on specific targets.
