Bloggers BEWARE TDSS

Hackers are compromising WordPress 3.2.1 blogs in order to infect visitors with the nasty “TDSS rootkit”, according to Websense.  Once access has been gained to a blog,  malicious JavaScript code is injected into its pages to load a Java exploit from a third-party server.  Websense is quoted on InfoWorld as saying, “From our analysis the number of infections is growing steadily (100+).”

The TDSS rootkit is one of the stealthiest rootkits in the wild, seeking to acquire total control of infected PCs for use as zombies in its botnet.  TDSS infects system drivers;  once activated, it infects the hard drive’s boot sector, ensuring that its malicious payload is loaded into memory before the operating system.  This greatly complicates the detection and removal of TDSS.  Newer variants have seen significant developments, maturing the rootkit further, improving its self-protection capabilities, bug-fixing, developing the payload, and reacting promptly to new detection technologies.

To ensure the rootkit gets firmly implanted within the system, the crooks have begun using a file infecting virus which injects code into driver software. This ensures the rootkit is loaded immediately after the operating system starts, if it isn’t already present.

This malware agent is particularly popular with fake A/V scammers, and “affiliate marketers” looking to make fast money on other people’s pain.  Learn more about this nasty malware at Kaspersky’s SecureList Blog.