New modification of BackDoor.Tdss disrupts operation of anti-viruses

March 30, 2009

A new backdoor that plays a key part in the development of the Tdss botnet has been discovered by the Russian anti-virus vendor Doctor Web.

The malicious programs used to keep the botnet running feature the latest techniques for evading detection by anti-viruses and hampering analysis of malicious files. These techniques include the use of polymorphic packers and wide application of rootkit methods. The backdoor discovered by Doctor Web's virus analysts is capable of disabling the file monitors of anti-viruses and evading detection by several popular anti-rootkits.

One of the main functions of BackDoor.Tdss is downloading other malicious modules from special servers used to spread malware over the Internet. Once a piece of malicious code is downloaded, it is executed or injected into the code of a system process.

BackDoor.Tdss is spread as a fake video codec, or it can get into a system by using certain Windows vulnerabilities.

Doctor Web has released a hot update of its Dr.Web anti-virus scanner that allows the anti-virus to detect the running backdoor and cure the system. To cope with modifications of BackDoor.Tdss, certain improvements have been made to the anti-rootkit component of the anti-virus. Dr.Web Shield now exposes and neutralizes all known modifications of the malicious program.

Windows vulnerabilities are one of the most common ways for malicious programs to get into a system. Doctor Web recommends keeping both the virus databases and the software components of your anti-virus up to date for more efficient protection against malicious programs that use the latest stealth technologies.
