Avecto recommends new strategy to deal with TDL-4 rootkit malware

Massachusetts, (PresseBox) - Commenting on reports that the infamous TDL-4 rootkit malware has been reworked to better withstand antivirus and other IT security software, Avecto says that the removal of admin rights can add an extra layer of defence in the ongoing battle against the malware coders.

According to Mark Austin, chief technology officer with the Windows privilege management specialist, TDL-4 has evolved into a highly-advanced fourth-generation botnet launcher that supports encrypted communications and decentralised controls, as well as the ability to detect and delete other malware.

"TDL-4 is a damaging piece of code that takes the competitor-removing aspects of darkware we saw with SpyEye - and its ability to detect and delete Zeus - and adds all manner of evasive technologies that make conventional pattern/heuristic analyses a lot more difficult," he said.

"The removal of admin rights is a powerful option as part of a multi-layered IT security strategy in the constant battle against darkware in all its shapes and forms. Even if you are unfortunate to find one or more user accounts have been compromised by a phishing attack, for example, the fact that the account(s) are limited in what they can do helps to reduce the effects of the security problem," he added.

According to Avecto's chief technology officer, as his colleagues at ESET have revealed, several professionals have been monitoring the TDL-4 botnet for some time, and have tracked a new phase in its evolution.

Malware like this, says Austin, is almost certain to evolve, with cybercriminals repurposing elements of what is essentially a modular suite of malware, adding enhancements to certain features, deleting older code, and adding new elements to take advantage of newly-discovered attack vectors.

"It isn't rocket science that will defeat new evolutions of existing malware - or for that matter completely new darkware code. What is needed is a carefully planned strategy, with well thought out implementations that use multiple elements of security which, when combined, are greater than the sum of their components," he said.

"Privileged account management can greatly assist IT professionals in this regard, as it adds an extra string to their defensive bow. This is all part of the GRC - governance, risk management and compliance - balancing act that is modern IT security management," he added.

For more on Avecto: http://www.avecto.com
For more on the evolution of TDL-4: http://bit.ly/u8QKJc

Press releases you might also be interested in

Weitere Informationen zum Thema "Sicherheit":

DSGVO verändert die Gesundheitsbranche

Die Da­ten­schutz-Grund­ver­ord­nung (DSG­VO / GD­PR) zählt Ge­sund­heits­da­ten und ge­ne­ti­sche Da­ten zu den be­son­de­ren Ka­te­go­ri­en per­so­nen­be­zo­ge­ner Da­ten, für die spe­zi­el­le Vor­schrif­ten be­ste­hen. Wer im wei­ten Feld des Ge­sund­heits­we­sens tä­tig ist, muss sich ins­be­son­de­re die The­men Ein­wil­li­gung, Da­ten­si­cher­heit, au­to­ma­ti­sier­te Ent­schei­dun­gen und Da­ten­schutz-Fol­gen­ab­schät­zung ganz ge­nau an­se­hen.

Weiterlesen

Subscribe for news

The subscribtion service of the PresseBox informs you about press information of a certain topic by your choice at a choosen time. Please enter your email address to receive the email with the press releases.

An error occurred!

Thank you! You will receive a confirmation email within a few minutes.


I want to subscribe to the gratis press mail and have read and accepted the conditions.