TDSS: Rootkit Technologies at the Heart of Cybercrime

August 5, 2010

TDSS is the most powerful and complex rootkit to date. This universal malware can hide its own presence and that of other malware on an infected system while offering enhanced opportunities.

TDSS is the most powerful and complex rootkit to date. This universal malware can hide its own presence and that of other malware on an infected system while offering enhanced opportunities. In order to penetrate computers, TDSS infects drivers; this ensures that it will be launched almost immediately the operating system is started. Consequently, it is extremely difficult to detect and remove this rootkit.

Kaspersky Lab has invested significant time and effort into solving the issues raised by TDSS. It has authored an article that looks at the technologies implemented in TDSS, the way in which the rootkit spreads, and how cybercriminals profit from this malware.

TDSS is spread via an affiliate program, which uses all methods possible to deliver malware to victim machines. The rootkit attacks computers around the world.

Kaspersky Lab estimates that three million computers have been infected by the rootkit. Affiliates earn money according to the number of computers they infect; the highest payment is made for machines located in the USA.

Botnets managed using TDSS, and consisting of approximately 20,000 infected machines, are sold on the black market. The botnets’ command and control centers are located in China, Luxembourg, Hong Kong, Holland and Russia. The rootkit has a broad range of capabilities, and can be used in a variety of ways depending on what the malware authors and/or the renters or owners of botnets creating using TDSS wish to achieve.

“TDSS is sophisticated in terms of technology and design. Our analysis of the rootkit leads us to believe that its creators are either Russian or Russian speaking. They follow developments in the antivirus industry and instantly react by releasing updated versions of the rootkit. It’s therefore likely that the rootkit functionality will be modified in the near future in order to further counteract protection technologies,” say Sergey Golovanov and Vyacheslav Rusakov, the authors of the article.

The full version of the TDSS article is available at www.securelist.com/en.

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help over 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

TDSS: Rootkit Technologies at the Heart of Cybercrime

TDSS: Rootkit Technologies at the Heart of Cybercrime

About Kaspersky

Related Articles Press Releases

Dangerous Loki backdoor discovered: Kaspersky experts identify agent in Russian company cyberattacks

DIY Ransomware: novice cybercriminals bigger threat thanks to off-the-shelf code

Kaspersky identifies new APT group targeting Russian government entities

SMB cyber infections rising amid resurgence of attacks leveraging Microsoft Excel, Kaspersky reports

Every third cyber incident was due to ransomware, Kaspersky reports

Global mobile banking malware grows 32 percent in 2023

Turkey, Russia, Southeast Asia and Latin America hit by Android threats, Kaspersky identifies

‘Coyote’ ugly: Kaspersky unveils banking trojan targeting over 60 institutions

New cross-platform threats uncovered by Kaspersky

Kaspersky reveals advanced tactics in cyber espionage campaigns using MATA toolset