I see a lot of articles like "Indestructible TDSS botnet is spotted" in the tech press at the moment, but I have seen nothing about how to detect it. Anyone know of any simple tool or test?

David Allan Finch
  • It sits in the master boot record. According to the BBC article this is an area of the disk "rarely scanned by anti-virus products". That gives you an idea of the hysterical over-hyping of this. – Sirex Jul 01 '11 at 11:26
  • Oh, and don't forget the scary "custom encryption", which is obviously much more encrypted than normal encryption. – Sirex Jul 01 '11 at 11:27
  • @Sirex: this is why I am trying to figure out if this is more than 'hysterical over-hyping' or there is more to this. If there is a problem, what can we do to detect it and hence reinstall before it becomes a critical problem for our net. – David Allan Finch Jul 01 '11 at 11:39
  • Botnets are in vogue currently, as are lame hacking / ddos stories. It's hard to say what the real threats are currently due to massive over-hyping. If it does live in the MBR, it should be detected by normal anti-virus soon enough; I think the "indestructible" blurb was more to do with the c&c setup. – Sirex Jul 01 '11 at 12:22
  • More info for those interested... http://www.securelist.com/en/analysis/204792157/TDSS_TDL_4 – Joe Internet Jul 01 '11 at 14:33

1 Answer

See my post here

Look at the EDIT section at the bottom; the Microsoft System Sweeper boot disc will detect and remove the boot sector virus.

Moab