New TDSS/TDL4 Malware Infects 46 Of Fortune 500

Published: 22/11/2024   Category: security




New Domain Generation Algorithm-based malware claims at least 250,000 victims



A new iteration of TDSS/TDL4 malware has infected at least 250,000 victims, including 46 companies in the Fortune 500, researchers said Monday.
According to a new report on the TDSS/TDL4 malware published by security firm Damballa, the new attack uses domain generation algorithm (DGA)-based communication for command-and-control (C&C).
Used by Murofet, Sinowal and the recent Mac-based Flashback malware, DGA communications techniques are being used to successfully evade detection by blacklists, signature filters and static reputation systems, and to hide C&C infrastructure, Damballa reported.
TDSS/TDL4 is malware known to infect the master boot record (MBR) of computers, making it resistant to common practices in remediation. It has been described as the indestructible botnet, with the ability to act as a launch pad for other malware. At one point it was reported as having infected over 4.5 million victims.
A total of 85 hosting servers and 418 unique domains were identified as being related to the new TDSS/TDL4 threat, Damballa said. The top three hosting countries for the C&C servers are Russia (26 hosts), Romania (15 hosts) and the Netherlands (12 hosts).
"By adding elusive DGA C&C capabilities to malware that already evades detection and circumvents best practices in remediation by infecting master boot records, TDL4 is becoming increasingly problematic," said Manos Antonakakis, director of academic sciences for Damballa.
"With its known ability to act as a launch pad for other malware, and TDSS' history of sub-leasing access to their victims, these hidden infections in corporate networks go undetected for long periods of time," Antonakakis said.
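The report describes DGA C&C as a way past blacklists and static reputation systems, so the defender's counter is behavioural rather than list-based: a DGA client typically produces a burst of failed lookups for random-looking names before one of them resolves. The following is an added example, not code from Damballa's report or the Dark Reading article, of that heuristic run over a constructed resolver log; the log format, the entropy and length thresholds and the domain names are all assumptions made for this illustration.

```python
import math
import re
from collections import defaultdict

# Constructed sample resolver log (not real TDL4 traffic): time, client, query name, rcode.
SAMPLE_DNS_LOG = """\
2024-11-22T10:00:01 10.0.0.5 www.example.com NOERROR
2024-11-22T10:00:02 10.0.0.5 mail.example.com NOERROR
2024-11-22T10:00:03 10.0.0.9 kq3xz8vbw1mf.com NXDOMAIN
2024-11-22T10:00:04 10.0.0.9 p0r7hj2qlmvn.net NXDOMAIN
2024-11-22T10:00:05 10.0.0.9 zt9c4nwk6yab.com NXDOMAIN
2024-11-22T10:00:06 10.0.0.9 hx1v8lqm3rtd.org NXDOMAIN
2024-11-22T10:00:07 10.0.0.9 b6wj2ykp9qzn.com NOERROR
2024-11-22T10:00:08 10.0.0.5 cdn.example.net NXDOMAIN
"""
LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(NOERROR|NXDOMAIN)$")

def shannon_entropy(label: str) -> float:
    """Bits per character of a DNS label; random-looking labels score higher."""
    n = len(label)
    return -sum(k / n * math.log2(k / n) for k in (label.count(c) for c in set(label)))

def looks_generated(domain: str, min_len: int = 10, min_entropy: float = 3.0) -> bool:
    """Heuristic: long, high-entropy, vowel-poor second-level label.
    Thresholds are assumptions for this example, not TDL4 constants, and the
    label split assumes no two-label public suffix such as co.uk."""
    labels = domain.lower().rstrip(".").split(".")
    if len(labels) < 2 or not labels[-2]:
        return False
    sld = labels[-2]
    vowel_ratio = sum(sld.count(v) for v in "aeiou") / len(sld)
    return len(sld) >= min_len and shannon_entropy(sld) >= min_entropy and vowel_ratio < 0.35

def flag_dga_clients(log_text: str, min_nxdomain: int = 3) -> dict:
    """Per client, collect generated-looking names; flag clients whose failed
    lookups reach min_nxdomain, and keep the names that did resolve (the
    candidates worth checking as the day's live C&C)."""
    per_client = defaultdict(lambda: {"nxdomain": [], "resolved": []})
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort the whole scan
        _, client, qname, rcode = m.groups()
        if looks_generated(qname):
            bucket = "nxdomain" if rcode == "NXDOMAIN" else "resolved"
            per_client[client][bucket].append(qname)
    return {c: v for c, v in per_client.items() if len(v["nxdomain"]) >= min_nxdomain}
```

On the constructed log only 10.0.0.9 is flagged: four failed lookups of generated-looking names plus one that resolved, while 10.0.0.5's single NXDOMAIN for a dictionary-word host is ignored.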
