A new backdoor taking a key part in development of the Tdss botnet has been discovered by the Russian anti-virus vendor Doctor Web.

Malicious programs used to maintain operation of the botnet feature latest techniques that allow them to evade detection by anti-viruses and hamper analysis of malicious files. Such techniques include use of polymorphic packers and wide application of rootkit methods. The backdoor discovered by virus analysts of Doctor Web is capable of disabling file monitors of anti-viruses and evading detection by several popular anti-rootkits.

One of the main functions of BackDoor.Tdss is downloading other malicious modules from special servers used to spread malware over the Internet. Once a piece of malicious code is downloaded, it is executed or injected into the code of a system process.

BackDoor.Tdss is spread as a fake video codec or can get into a system using certain vulnerabilities of Windows.

Doctor Web has released a hot update of its Dr.Web anti-virus scanner that allows the anti-virus to detect the running backdoor and cure the system. In order to cope with modifications of BackDoor.Tdss certain improvements have been done to the anti-rootkit component of the anti-virus. Now Dr.Web Shield exposes and neutralizes all known modifications of the malicious program.

Windows vulnerabilities are one of the most common ways for malicious programs get into a system. Doctor Web recommends keeping virus databases as well as software components of your anti-virus software up-to-date for more efficient protection from malicious programs using latest stealth technologies.