Description: Microsoft released security update KB2506014 on April 12 to address a vulnerability that allowed unsigned drivers to be loaded by 64-bit Windows. The TDSS/Alureon rootkit family, of which TDL4 is a part, was one of the more advanced rootkits that abused this vulnerability to load the rootkit during Windows boot-up. TDL4 is also known as the Google Redirect Virus.
TDL4 infects the Master Boot Record (MBR) and therefore loads before Windows itself boots. This is what gives so-called bootkits the upper hand in countering the protection mechanisms introduced by 64-bit Windows.
TDL-4 is a highly advanced and very dangerous rootkit. It infects the master boot record. The malware is encrypted with custom algorithms, which makes it hard to detect.
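Because the bootkit lives in the MBR rather than in a Windows driver, the defender's check is to read the first sector of the disk and compare its boot code with a known-good baseline. The following is an added example, not code from the original post or from any of the linked write-ups: it parses a 512-byte MBR image (boot code, partition table, 0x55AA signature), hashes the boot-code region and reports deviations from a recorded baseline. The disk signature, partition layout and boot-code bytes are constructed sample values, and the baseline is whatever hash you recorded from a clean install.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_SIZE = 440          # bytes 0..439 hold the boot code that a bootkit replaces
PARTITION_TABLE_OFFSET = 446  # four 16-byte partition entries
SIGNATURE_OFFSET = 510        # bytes 510..511 must be 0x55 0xAA
PARTITION_ENTRY_FMT = "<BBBBBBBBII"  # status, CHS start(3), type, CHS end(3), LBA start, sector count


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Construct a 512-byte MBR image for demonstration (constructed sample, not a real disk dump)."""
    body = boot_code.ljust(BOOT_CODE_SIZE, b"\x00")
    disk_sig = struct.pack("<I", 0x12345678)  # hypothetical NT disk signature
    reserved = b"\x00\x00"
    # One bootable NTFS-type partition (type 0x07) starting at LBA 2048, 204800 sectors long.
    entry = struct.pack(PARTITION_ENTRY_FMT, 0x80, 0, 0, 0, 0x07, 0, 0, 0, 2048, 204800)
    table = entry + b"\x00" * 48  # three empty entries
    return body + disk_sig + reserved + table + b"\x55\xAA"


def parse_mbr(image: bytes) -> dict:
    """Split an MBR image into boot-code hash, partition entries and signature status."""
    if len(image) != MBR_SIZE:
        raise ValueError("MBR image must be exactly 512 bytes")
    boot_code = image[:BOOT_CODE_SIZE]
    signature = image[SIGNATURE_OFFSET:SIGNATURE_OFFSET + 2]
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * i
        fields = struct.unpack(PARTITION_ENTRY_FMT, image[off:off + 16])
        status, ptype, lba_start, sectors = fields[0], fields[4], fields[8], fields[9]
        if ptype != 0:  # type 0 means an unused slot
            partitions.append({
                "index": i,
                "bootable": status == 0x80,
                "type": ptype,
                "lba_start": lba_start,
                "sectors": sectors,
            })
    return {
        "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
        "signature_ok": signature == b"\x55\xAA",
        "partitions": partitions,
    }


def check_mbr_against_baseline(image: bytes, baseline_boot_code_sha256: str) -> list:
    """Return a list of findings; an empty list means the sector matches expectations."""
    info = parse_mbr(image)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing or corrupted")
    if info["boot_code_sha256"] != baseline_boot_code_sha256:
        findings.append("boot code differs from recorded baseline (possible bootkit)")
    bootable = [p for p in info["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"expected exactly one bootable partition, found {len(bootable)}")
    return findings


def demo() -> tuple:
    """Run the check on a clean sample and on a sample whose boot code was replaced."""
    clean = build_sample_mbr(b"CLEAN BOOT CODE")          # constructed stand-in for stock boot code
    baseline = parse_mbr(clean)["boot_code_sha256"]        # what you would record from a known-good system
    tampered = build_sample_mbr(b"REPLACED LOADER")        # constructed stand-in for modified boot code
    return check_mbr_against_baseline(clean, baseline), check_mbr_against_baseline(tampered, baseline)


if __name__ == "__main__":
    clean_findings, tampered_findings = demo()
    print("clean:", clean_findings or "no findings")
    print("tampered:", tampered_findings)
```

One caveat for use on a live machine: a bootkit that filters disk I/O can hand back the original sector when the first sector is read through the infected operating system, so the image fed to this check should be taken from rescue media or with the disk attached to a trusted host, and the baseline hash stored somewhere the machine under test cannot alter.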
Source: http://hitmanpro.wordpress.com/2011/05/02/tdl4-bootkit-reinstates-64-bit-infection-capability/
http://blog.eset.com/2012/02/02/tdl4-reloaded-purple-haze-all-in-my-brain
Tags: tdl4, bootkit, malware, virus
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.
IDA rocks. It will also disassemble the bootloader nicely.