Rixstep
 About | ACP | Buy | Industry Watch | Learning Curve | News | Products | Search | Substack
Home » Industry Watch

TDL-4 bypasses Win7 security by getting into MBR

So much for MSFT making users safer.


Get It

Try It

REDMOND (Radsoft) — Good times, bad times: Windows 7 finds no quarter. The new TDL-4 variant of the mighty TDSS rootkit hijacked 4,500,000 luckless Windows boxen in three months. Unix boxen such as OpenBSD, Ubuntu, and Apple's Mac OS X are of course unaffected.

TDSS is virtually undetectable by antivirus software. So much for AV too.

The new TDL-4 operates as a backdoor so further malware can be installed. Almost 1.5 million of the infected machines were in the US. Hackers today are paid commissions on the computers they infect and computers in the US are the most valuable.

Tango Down for Win7

After a full ten years of a slapstick approach to security, Microsoft tried to tell the world they finally had it beat with Win7. No such luck unfortunately: the rootkit began hammering away at Microsoft's OS already ten months ago.

Because Windows systems - including Win7 - are hopelessly insecure, it's no feat for the rootkit to write to the master boot record (MBR) of the computer hard drive. As it's this sector on the hard drive that actually starts the machine, the code there gets to do anything.


  A TDL-4 'Kad' command control centre. Hacking Windows is not only fun - it's big business.

And so the OS startup options are changed so malware can be loaded. Microsoft's idea was they could put guards at the penthouse level without securing the ground floor.

Indestructible but Buggy

The new TDL-4 can't be stopped. It also takes out the competition once it's running. It's the latest in a long and never-ending line of insults to Microsoft and Microsoft customers. But TDL-4 has bugs: the Kaspersky team were able to exploit one to find three databases tracking 4.52 million infected Windows PCs.

After the hysteria whipped up by the Windows AV camp over the non-event 'Mac Defender', TDL-4 serves to put things back in their proper perspective. Mac and Unix users can be fooled as can Windows users; only Windows users suffer attacks through a childishly designed Windows security system.

See Also
Securelist: TDL4 - Top Bot (2011-06-27)
Rixstep Learning Curve: Inside Mac Defender (2011-06-10)
The Register: 'Indestructible' rootkit enslaves 4.5m PCs in 3 months (2011-06-29)
The Register: World's most advanced rootkit penetrates 64-bit Windows (2010-11-16)

About | ACP | Buy | Industry Watch | Learning Curve | News | Products | Search | Substack
Copyright © Rixstep. All rights reserved.