My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets


Back to the news list

New modification of BackDoor.Tdss disrupts operation of anti-viruses

March 30, 2009

A new backdoor taking a key part in development of the Tdss botnet has been discovered by the Russian anti-virus vendor Doctor Web.

Malicious programs used to maintain operation of the botnet feature latest techniques that allow them to evade detection by anti-viruses and hamper analysis of malicious files. Such techniques include use of polymorphic packers and wide application of rootkit methods. The backdoor discovered by virus analysts of Doctor Web is capable of disabling file monitors of anti-viruses and evading detection by several popular anti-rootkits.

One of the main functions of BackDoor.Tdss is downloading other malicious modules from special servers used to spread malware over the Internet. Once a piece of malicious code is downloaded, it is executed or injected into the code of a system process.

BackDoor.Tdss is spread as a fake video codec or can get into a system using certain vulnerabilities of Windows.

Doctor Web has released a hot update of its Dr.Web anti-virus scanner that allows the anti-virus to detect the running backdoor and cure the system. In order to cope with modifications of BackDoor.Tdss certain improvements have been done to the anti-rootkit component of the anti-virus. Now Dr.Web Shield exposes and neutralizes all known modifications of the malicious program.

Windows vulnerabilities are one of the most common ways for malicious programs get into a system. Doctor Web recommends keeping virus databases as well as software components of your anti-virus software up-to-date for more efficient protection from malicious programs using latest stealth technologies.

Tell us what you think

To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.

Other comments