Avecto recommends new strategy to deal with TDL-4 rootkit malware
According to Mark Austin, chief technology officer with the Windows privilege management specialist, TDL-4 has evolved into a highly advanced fourth-generation botnet launcher that supports encrypted communications and decentralised control, as well as the ability to detect and delete other malware.
"TDL-4 is a damaging piece of code that takes the competitor-removing aspects of darkware we saw with SpyEye - and its ability to detect and delete Zeus - and adds all manner of evasive technologies that make conventional pattern/heuristic analyses a lot more difficult," he said.
"The removal of admin rights is a powerful option as part of a multi-layered IT security strategy in the constant battle against darkware in all its shapes and forms. Even if you are unfortunate enough to find that one or more user accounts have been compromised by a phishing attack, for example, the fact that the account(s) are limited in what they can do helps to reduce the effects of the security problem," he added.
According to Avecto's chief technology officer, security professionals, including colleagues at ESET, have been monitoring the TDL-4 botnet for some time and have tracked a new phase in its evolution.
Malware like this, says Austin, is almost certain to evolve, with cybercriminals repurposing elements of what is essentially a modular suite of malware, adding enhancements to certain features, deleting older code, and adding new elements to take advantage of newly-discovered attack vectors.
"It isn't rocket science that will defeat new evolutions of existing malware - or for that matter completely new darkware code. What is needed is a carefully planned strategy, with well thought out implementations that use multiple elements of security which, when combined, are greater than the sum of their components," he said.
"Privileged account management can greatly assist IT professionals in this regard, as it adds an extra string to their defensive bow. This is all part of the GRC - governance, risk management and compliance - balancing act that is modern IT security management," he added.
For more on Avecto: http://www.avecto.com
For more on the evolution of TDL-4: http://bit.ly/u8QKJc