April 30, 2013, 2:45 pm
in Anti-Malware Research, Free Tools, by Razvan Stoica

New TDL clones are making the rounds these days, according to Bitdefender Labs antimalware researcher Marius Tivadar. The samples in question (which have only now been fully analyzed) date from the beginning of April.

February 14, 2013, 4:36 pm
in Anti-Malware Research, by Razvan Stoica

Antimalware researchers Marius Tivadar and Cristian Istrate are back, this time with an update on the infamous CPD bootkit family:

Comments Off on CPD Makes Use of Hidden Sectors
February 12, 2013, 11:05 am
in Uncategorized, by Razvan Stoica

Antimalware researchers Marius Tivadar and Cristian Istrate are back with a small update from the labs, this time about the Whistler bootkit family.

Comments Off on Unencrypted Whistler Variant in the Wild
February 1, 2013, 3:43 pm
by Razvan Stoica

The Bitdefender Rootkit Remover deals with known rootkits quickly and effectively, making use of award-winning Bitdefender malware removal technology. Unlike other similar tools, Bitdefender Rootkit Remover can be launched immediately, without the need to reboot into safe mode first (although …

May 18, 2012, 3:16 pm
in Anti-Malware Research, by Razvan Stoica

The ZeroAccess crimeware package has been made much of, in view of its advanced kernel-mode rootkit driver. The Sirefef rootkit is highly aggressive and rather hard to detect; it exhibits polymorphism and overwrites legitimate system driver files to replace them …

April 23, 2012, 4:28 pm
in Anti-Malware Research, by Razvan Stoica

A new bootkit-enhanced file infector is making the rounds, and its design spells headaches for the unwary antimalware analyst. Bitdefender researcher Mircea Pavel has the low-down: ‘Following the latest trend of adding bootkit functionalities to classic file infectors or trojans …

March 28, 2012, 3:38 pm
in Anti-Malware Research, by Razvan Stoica

With the recent explosion of bootkit variants, “old” trojans are getting a new lease of life by including bootkit functionality. As part of our ongoing series on emerging e-threats, we present Rootkit.MBR.Yurn.A, which has managed (so far) to avoid detection …

November 15, 2011, 4:35 pm
in Uncategorized, by Razvan Stoica

TDL 4 variants have surfaced recently, making security researchers suspect that the code may have been sold on the black market.
