Hackers "fix" XP BSoD rootkit

An update released by Microsoft this month (MS10-015) broke XP machines that were infected with the TDL3 rootkit (also known as TDSS and Tidserv and many other names).

An update released by Microsoft this month (MS10-015) broke XP machines that were infected with the TDL3 rootkit (also known as TDSS and Tidserv and many other names - more info here).

Well, a rootkit that causes crashes is bad for business, so the hackers had an update out in the matter of hours.

On last Tuesday Microsoft released a number of Windows updates, some of them critical because they fixed a 17 years old bug. After some users updated their Windows operating systems, they got a scaring and really annoying blue screen of death.

Most of those users were angry with Microsoft, but the problem this time is not related to Microsoft. Indeed a number of the users affected by this BSOD was infected by TDL3/TDSS rootkit.

More exactly, TDL3 rootkit looks incompatible with MS10-015 update. This is the cause of the BSOD. Problem resides in the lazyness of rootkit writers when writing the driver infection routine.

...

Good news is that TDL3 authors care about us and they released in a couple hours a new updated version of the rootkit compatible with the Microsoft patch.

It's one big cat and mouse game between the good guys and the bad guys.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All