
Rootkit.Win32.TDSS.tdl4 Latest Variant 'TDL4' Unleashes Malevolent Arsenal, Turning PCs into the Devil's Workshop

If you've run across TDL4 or Rootkit.Win32.TDSS.tdl4, we suggest you take a seat, because this is going to get quite ugly. TDL4 is a monstrosity so stealthy it might just take a virtual exorcism to kick it and its legion of demonic malware off your PC.

Cybercriminals fortified an already potent warhead when they released the latest variant of this rootkit, called TDL4. Yes, this literally means there are at least three earlier versions, and if you are not practicing good Internet security, you could end up facing one or more of them, including the super germ TDL4. Let's just hope you were smart enough to have backed up your files, programs and configuration settings, or you may indeed come out on the losing end in one way or another.

What Makes TDL4 a Powerful and Dangerous Enemy?

The main goal of rootkits such as TDL4 is to keep people and defensive tools (i.e. antimalware programs) from finding and removing its malicious files and programs, so that some cybercriminal can keep stealing from you and keep your PC compromised.

To give a more detailed description of this threat, rootkits protect malware by doing the following:

  1. Protect critical (but infectious) registry keys by hiding them.
  2. Protect critical (but infectious) files on the disk by hiding them.
  3. Inject malicious code or script into legitimate system processes from a kernel-mode driver.
  4. Hide or mask TCP network ports.
  5. Execute various functions (e.g. terminate processes or threads, hide injected DLL modules, etc.).
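Every item on that list hides something from the view a normal program gets through the Windows API. The standard way an anti-rootkit utility catches this is a cross-view diff: it gathers the same inventory twice, once through the possibly tainted API on the running system and once through an independent path (a raw parse of the disk and registry hives, or a scan from a clean boot disk), and anything the independent view sees that the API view does not is being hidden. The script below is an added illustration of that comparison and is not code from the original article or from any product; the file names, registry keys and ports in it are constructed samples, not real TDL4 artifacts, and the two views are hard-coded dictionaries standing in for the two collection passes.

```python
"""Cross-view diff: detect files, registry keys and TCP ports hidden from the API.

Added example, not part of the original article. The 'api_view' stands for what
a user-mode program sees on the infected machine; the 'raw_view' stands for an
independent collection (offline/boot-disk scan or raw table parse). Both are
constructed here so the script runs offline.
"""
from dataclasses import dataclass
from typing import Iterable, Mapping


@dataclass(frozen=True)
class CrossViewReport:
    hidden_files: frozenset          # in the raw scan, missing from the API view
    hidden_registry_keys: frozenset  # same, for registry keys
    hidden_tcp_ports: frozenset      # listening per raw table, missing from API view
    only_in_api_view: frozenset      # seen by the API but not the raw scan: timing
                                     # noise (created after the snapshot), NOT hiding

    def is_clean(self) -> bool:
        """True when nothing is hidden; items only in the API view do not count."""
        return not (self.hidden_files or self.hidden_registry_keys or self.hidden_tcp_ports)


def _norm_path(p: str) -> str:
    # Windows file paths and registry key paths are case-insensitive; normalise
    # separators and case so a differently cased path is not a false positive.
    return p.strip().replace("/", "\\").rstrip("\\").lower()


def cross_view_diff(api_view: Mapping[str, Iterable], raw_view: Mapping[str, Iterable]) -> CrossViewReport:
    """Compare the API (possibly filtered) view against the independent raw view."""
    api_files = {_norm_path(f) for f in api_view.get("files", ())}
    raw_files = {_norm_path(f) for f in raw_view.get("files", ())}
    api_keys = {_norm_path(k) for k in api_view.get("registry_keys", ())}
    raw_keys = {_norm_path(k) for k in raw_view.get("registry_keys", ())}
    api_ports = {int(p) for p in api_view.get("tcp_ports", ())}
    raw_ports = {int(p) for p in raw_view.get("tcp_ports", ())}
    return CrossViewReport(
        hidden_files=frozenset(raw_files - api_files),
        hidden_registry_keys=frozenset(raw_keys - api_keys),
        hidden_tcp_ports=frozenset(raw_ports - api_ports),
        only_in_api_view=frozenset((api_files - raw_files) | (api_keys - raw_keys)),
    )


# Constructed sample views. 'xk4q9z' is a placeholder for the kind of random
# driver/service name a rootkit uses; it is not a real indicator.
API_VIEW = {
    "files": [
        r"C:\Windows\System32\drivers\ndis.sys",
        r"C:\Windows\System32\drivers\tcpip.sys",
        r"C:\Users\alice\new-report.docx",     # created after the raw snapshot
    ],
    "registry_keys": [r"HKLM\SYSTEM\CurrentControlSet\Services\Tcpip"],
    "tcp_ports": [135, 445],
}
RAW_VIEW = {
    "files": [
        r"C:\Windows\System32\drivers\ndis.sys",
        r"C:\Windows\System32\drivers\tcpip.sys",
        r"C:\Windows\System32\drivers\xk4q9z.sys",   # hidden by the API filter
    ],
    "registry_keys": [
        r"HKLM\SYSTEM\CurrentControlSet\Services\Tcpip",
        r"HKLM\SYSTEM\CurrentControlSet\Services\xk4q9z",  # hidden service key
    ],
    "tcp_ports": [135, 445, 50223],   # 50223: constructed hidden listener
}


def run_demo() -> CrossViewReport:
    """Diff the constructed views; returns the report so callers can inspect it."""
    return cross_view_diff(API_VIEW, RAW_VIEW)


if __name__ == "__main__":
    report = run_demo()
    print("clean:", report.is_clean())
    print("hidden files:", sorted(report.hidden_files))
    print("hidden registry keys:", sorted(report.hidden_registry_keys))
    print("hidden TCP ports:", sorted(report.hidden_tcp_ports))
    print("only in API view (timing noise, verify separately):", sorted(report.only_in_api_view))
```

Two design points matter in practice. The raw view must really be independent of the kernel being checked (a boot-disk scan or a raw hive/disk parser), otherwise a kernel-mode filter driver taints both passes and the diff is empty. And items that appear only in the API view are reported separately rather than as hidden, because a file created between the two passes is ordinary timing noise, not concealment.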

Rootkits like TDL4 are often used to fortify rogue security programs or browser hijackers, although they make any malware agent lethal in its attack. Whether the payload uses scare tactics (i.e. fake alerts, scans, and reports) to get some unwary PC user to blindly hand over their credit card or bank routing numbers, or lures them into clicking dubious links on malicious websites that garner some cybercriminal ill-gained pay-per-click residuals, TDL4 elevates the threat several times over.

One victim swore he was facing the devil himself after using what he felt was a stealthy and reputable antimalware tool to remove the infectious files and components of TDL4, only to have it return again and again at Windows startup. Why? TDL4 roots or buries its malicious files and programs in the system's kernel and gives the files random or camouflaged names, so that one cannot tell whether they are legitimate. Leaving such dangerous malware on a PC could turn it into a virtual workshop for devilish hackers.

TDL4 will help a Trojan (a malicious program that carries out a set of vicious instructions) bypass your firewall or fool your antimalware tool so that it misfires or fraudulently reports 'clean.'

Other capabilities of TDL4:

  1. Add a malicious filter to the system driver stack to hide or bury files.
  2. Intercept commands from a botnet C&C and execute them.
  3. Create malicious search requests to popular search engines.
  4. Intercept the victim's searches and spoof the results.
  5. Mimic user website activity.
  6. Download encrypted files.
  7. Decrypt malicious files and execute or run them.
  8. Modify its configuration file.

Malicious programs that TDL4 may invite to the party could initiate the following attacks:

  1. Trojan to steal vital data stored in your cache or directly from web-based forms, even those encrypted. This could be your stored PINs, passwords, usernames, bank or credit card information.
  2. Trojan to track your surfing habits.
  3. Trojan to log your system data such as installed RAM, type of OS, CPU, Computer Name, Admin details, User, Date, Time, Internet Bandwidth, Number of infected imports, etc. This information can help the malware creator better plan future attacks or invasions.
  4. Trojan to spoof your email account and spam all of your friends and family listed on your contact list.
  5. Trojan to exploit a remote assistance tool to give a hacker remote access so he can:
    a. Secretly use your PC as a bot to help distribute a DNS attack
    b. Secretly use your PC as a bot to send mass spam
    c. Download more malicious files and order more malicious attacks

If you or your antimalware tool cannot find malware agents like these, chances are you also cannot remove them. Imagine restoring your system and data just to have some hacker quietly rob you over and over again, as if you simply left the front door wide open.

Like other malware, TDL4 gains access by exploiting holes or cracks in software and hardware, or by exploiting good old human behavior. If you are not practicing good Internet security and lack a reputable, real-time antimalware tool that updates its definitions around the clock, 24/7, your PC might as well be a revolving door for trouble, namely TDL4.

At the first sign of an intrusion, you need to act and act fast. Some less subtle signs might be:

  1. Keyboard not working.
  2. System runs slowly or freezes up.
  3. Applications do not run properly.
  4. Homepage changed or browser redirects you to unwanted websites.
  5. Icons added or missing and hardware or drivers inoperable.
  6. System rebooting unexpectedly or system will not reboot at all, forcing a manual shutdown.

Your first response to malware should be to disconnect your Internet connection, stopping any further transmission of data to some remote server. Then get to a germ-free PC and change your logins and security credentials for all your online accounts, including the social networks you and your family enjoy. Finally, you should fight fire with fire and use a reputable antimalware tool equipped with an anti-rootkit utility to dig all traces of TDL4 rootkit-injected malware off your PC - for good!
