TDL-4 Damage Limitation By Restricting Administrative Access Rights

Avecto : 27 October, 2011  (Technical Article)
Improved privilege management for network users can mitigate the damage caused by the latest generation of powerful botnet-launching malware, TDL-4.
Commenting on reports that the infamous TDL-4 rootkit malware has been reworked to better withstand antivirus and other IT security software, Avecto says that the removal of admin rights can add an extra layer of defence in the ongoing battle against the malware coders.

According to Mark Austin, chief technology officer with the Windows privilege management specialist, TDL-4 has evolved into a highly advanced fourth-generation botnet launcher that supports encrypted communications and decentralised control, as well as the ability to detect and delete other malware.

“TDL-4 is a damaging piece of code that takes the competitor-removing aspects of darkware we saw with SpyEye - and its ability to detect and delete Zeus - and adds all manner of evasive technologies that make conventional pattern/heuristic analyses a lot more difficult,” he said.

“The removal of admin rights is a powerful option as part of a multi-layered IT security strategy in the constant battle against darkware in all its shapes and forms. Even if you are unfortunate enough to find that one or more user accounts have been compromised by a phishing attack, for example, the fact that the account(s) are limited in what they can do helps to reduce the effects of the security problem,” he added.

According to Austin, as his colleagues at ESET have revealed, several professionals have been monitoring the TDL-4 botnet for some time and have tracked a new phase in its evolution.

Malware like this, says Austin, is almost certain to evolve, with cybercriminals repurposing elements of what is essentially a modular suite of malware, adding enhancements to certain features, deleting older code, and adding new elements to take advantage of newly-discovered attack vectors.

“It isn't rocket science that will defeat new evolutions of existing malware – or for that matter completely new darkware code. What is needed is a carefully planned strategy, with well thought out implementations that use multiple elements of security which, when combined, are greater than the sum of their components,” he said.

“Privileged account management can greatly assist IT professionals in this regard, as it adds an extra string to their defensive bow. This is all part of the GRC – governance, risk management and compliance - balancing act that is modern IT security management,” he added.
   © 2012 ProSecurityZone.com