Windows rootkit battle proves there’s no honor among thieves
Nobody loves malware developers – apparently, not even other malware developers. A fight between a devious rootkit creator and a backstabbing patron proves the old adage: all’s fair in love and (cyber) war.
The Register broke the story about an unknown Russian hacker who sells his rootkit code, called TDL, online. Even hackers have to eat, right? Unfortunately for him, one particular sale provided him with enough humble pie to last a lifetime.
A group that snapped up TDL evolved it into ZeroAccess – a variant that actually undoes damage wrought by TDL. In other words, if your PC is infected by TDL and then you catch ZeroAccess, TDL is removed from your system.
The Register spoke to Jacques Erasmus, a malware expert at Webroot, who provided the site with his technical expertise. The ongoing feud centers around the malware’s latest iteration TDL3, he said. Erasmus explained that a specific module called Anti-TDL is actually what’s eradicating the infection. The cyber guru believes the group that designed ZeroAccess purposely took the time to craft anti-TDL. Competition among illegal code jockeys is a brutal thing.
Colorado-based Webroot specializes in identifying and solving Internet security threats. Its Threat Blog has previously covered the pitfalls of ZeroAccess. One variant of the rootkit can effectively render anti-virus software useless via a “virtual tripwire.” While deleting TDL is a pleasant side effect, it’s still not something you want clinging to your system’s innards. (via PC World)
Have you encountered TDL or its bastard child ZeroAccess and lived to tell the tale? Let us know in the comment section.
There are 1 comments
- Senior Moderator
- Posted on: 11 Aug 11 20:41
Most popular headlines
- Mon 21 Jul 09:07 by Bavo Luysterborg
Myce managed to get 2 new Windows Threshold screenshots, one shows the new start...
- Wed 16 Jul 01:07 by Vroom
Review: Corsair Voyager GTX 128GB Reviewed by: Antonis Sapanidis Pro...
- Sat 19 Jul 05:07 by Kerry Brown
After four years of discussions between media companies and internet service pro...
- Mon 21 Jul 05:07 by Kerry Brown
Western Digital is expanding its line of NAS (network attached storage) drives, ...
- Thu 17 Jul 11:07 by DoMiN8ToR
Microsoft is planning to lay off 18,000 employees in one year, of which likely 1...