Avecto recommends new strategy to deal with TDL-4 rootkit malware
October 2011 by Avecto
Commenting on reports that the infamous TDL-4 rootkit malware has been reworked to better withstand antivirus and other IT security software, Avecto says that the removal of admin rights can add an extra layer of defence in the ongoing battle against the malware coders.
According to Mark Austin, chief technology officer with the Windows privilege management specialist, TDL-4 has evolved into a highly advanced fourth-generation botnet launcher that supports encrypted communications and decentralised controls, as well as the ability to detect and delete other malware.
“TDL-4 is a damaging piece of code that takes the competitor-removing aspects of darkware we saw with SpyEye (and its ability to detect and delete Zeus) and adds all manner of evasive technologies that make conventional pattern/heuristic analyses a lot more difficult,” he said.
“The removal of admin rights is a powerful option as part of a multi-layered IT security strategy in the constant battle against darkware in all its shapes and forms. Even if you are unfortunate enough to find one or more user accounts have been compromised by a phishing attack, for example, the fact that the account(s) are limited in what they can do helps to reduce the effects of the security problem,” he added.
According to Avecto’s chief technology officer, as his colleagues at ESET have revealed, several professionals have been monitoring the TDL-4 botnet for some time and have tracked a new phase in its evolution.
Malware like this, says Austin, is almost certain to evolve, with cybercriminals repurposing elements of what is essentially a modular suite of malware, adding enhancements to certain features, deleting older code, and adding new elements to take advantage of newly-discovered attack vectors.
“It isn’t rocket science that will defeat new evolutions of existing malware – or for that matter completely new darkware code. What is needed is a carefully planned strategy, with well thought out implementations that use multiple elements of security which, when combined, are greater than the sum of their components,” he said.
“Privileged account management can greatly assist IT professionals in this regard, as it adds an extra string to their defensive bow. This is all part of the GRC (governance, risk management and compliance) balancing act that is modern IT security management,” he added.