Windows rootkit battle proves there’s no honor among thieves

Posted at 11 August 2011 18:35 CEST by Justin_Massoud

Nobody loves malware developers – apparently, not even other malware developers. A fight between a devious rootkit creator and a backstabbing patron proves the old adage: all’s fair in love and (cyber) war.

The Register broke the story about an unknown Russian hacker who sells his rootkit code, called TDL, online. Even hackers have to eat, right? Unfortunately for him, one particular sale provided him with enough humble pie to last a lifetime.

A group that snapped up TDL evolved it into ZeroAccess – a variant that actually undoes damage wrought by TDL. In other words, if your PC is infected by TDL and then you catch ZeroAccess, TDL is removed from your system.

The Register spoke to Jacques Erasmus, a malware expert at Webroot, who provided the site with his technical expertise. The ongoing feud centers on the malware’s latest iteration, TDL3, he said. Erasmus explained that a specific module called Anti-TDL is actually what’s eradicating the infection. The cyber guru believes the group that designed ZeroAccess purposely took the time to craft Anti-TDL. Competition among illegal code jockeys is a brutal thing.

Colorado-based Webroot specializes in identifying and solving Internet security threats. Its Threat Blog has previously covered the pitfalls of ZeroAccess. One variant of the rootkit can effectively render anti-virus software useless via a “virtual tripwire.” While deleting TDL is a pleasant side effect, ZeroAccess is still not something you want clinging to your system’s innards. (via PC World)

Have you encountered TDL or its bastard child ZeroAccess and lived to tell the tale? Let us know in the comment section.

There is 1 comment

mciahel
Senior Moderator
Posted on: 11 Aug 11 20:41
    Hm. Well. Malware is a business (no hackers but simple criminals), and that a certain piece of malware is disabled, deleted or otherwise neutered by some other malware from the competition is not what I'd consider as something new

    MIchael
