I just saw an article by Mathew Schwartz for Information Week focused on a series of articles by Aleksandr Matrosov, Eugene Rodionov and me for Infosec Institute.
The articles are actually based on previous analyses of TDL3 and TDL4 by Aleksandr and Eugene, but even if you’ve seen those, you might find the aggregation of older and newer information and the separation of the topics useful. Or not.
Anyway, the subversion of 64-bit Windows is certainly still an interesting topic.
All three articles are linked on the white papers page at http://www.eset.com/us/documentation/white-papers:
TDSS part 1: The x64 Dollar Question
Considers and contrasts the distribution and installation of the TDL3 and TDL4 bootkits.
TDSS part 2: Ifs and Bots
Looks in more depth at the internals of the TDSS malware.
TDSS part 3: Bootkit on the other foot
The last part of the series describes the TDSS loading process.
Posted on 02 May 2011. Tags: TDL3, TDL4, TDSS
The above information is reprinted from and copyrighted © by ESET ThreatBlog.