Sunday, August 14, 2011

Webroot's interesting article on ZeroAccess and TDL3

The Webroot Security team has been doing more research into the ZeroAccess rootkit, and in their latest blog post they seem to have found some more interesting information: the ZeroAccess rootkit and the TDL3 rootkit may be connected or related in some way. Looking into what they have found, it does seem the two may be related.

Anyone who was infected by TDL3 when it first began actively spreading in Q1 2010 knows how nasty this rootkit has been and how hard AV teams were working to improve their detection rates for this malware. ZeroAccess may be the next advancement of TDL3. As malware keeps growing quicker and quicker, it has been forcing AV vendors to keep improving the detection in their products. It continues to be a cat-and-mouse game: at one point the malware writers are winning, then the AV vendors catch up with new tech, then the malware writers upgrade their malware, and the war goes on and on.

