TDSS, also known as TDL-4, Alureon and Tidserv, is a Windows rootkit that first emerged in 2008. This malicious software has gained popularity because of its widespread use and effectiveness, and with each iteration, has become more sophisticated and dominant. Typical of rootkits, TDSS aims to compromise your system at its root level—even going as far as to boot before your operating system does. And things take a nasty turn when it replaces a system’s drivers with infected versions.
As one might imagine, the TDSS rootkit is flexible and can be harnessed in a variety of ways depending on the attacker’s intent. Usually, though, it is used to steal sensitive information like credit card numbers, usernames and passwords.
How Does the TDSS Rootkit Work?
TDSS is used in varied ways. In one scenario it might be used to alter your DNS settings by changing registry values, while another variant of the rootkit might aggregate URLs and download files from certain websites. And then there are those versions of the rootkit that directly alter a browser’s settings (most commonly seen with Internet Explorer). Advanced cloaking and a lack of defenses on the end machine typically allow these processes to remain hidden from the user.
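A defender’s check for the DNS-tampering behaviour described above, added here as an example and not part of the original article: it reads the per-interface DNS server values Windows keeps in the registry and flags any resolver that is not on an allow-list. The allow-list addresses are constructed placeholders that you would replace with your own sanctioned resolvers.

```powershell
# Added example (not from the article): audit the DNS resolver settings stored in the registry
# and report any server that is not on the allow-list of known-good resolvers.
# ASSUMPTION: $AllowedDns is your own list of sanctioned resolvers; the addresses below are
# constructed placeholders.
$AllowedDns = @('10.0.0.53', '10.0.1.53')

# Per-interface TCP/IP parameters, one subkey per network interface GUID.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
$findings = @()

foreach ($iface in Get-ChildItem -Path $base) {
    $props = Get-ItemProperty -Path $iface.PSPath
    # Statically configured servers live in NameServer; DHCP-assigned ones in DhcpNameServer.
    foreach ($valueName in 'NameServer', 'DhcpNameServer') {
        $raw = $props.$valueName
        if ([string]::IsNullOrWhiteSpace($raw)) { continue }
        # The value may be comma- or space-separated; split on either and drop empties.
        $servers = $raw -split '[,\s]+' | Where-Object { $_ }
        foreach ($srv in $servers) {
            if ($AllowedDns -notcontains $srv) {
                $findings += [pscustomobject]@{
                    Interface = $iface.PSChildName
                    Value     = $valueName
                    Server    = $srv
                }
            }
        }
    }
}

if ($findings) {
    Write-Warning 'Unexpected DNS resolvers found; compare against your DHCP scope and baseline:'
    $findings | Format-Table -AutoSize
} else {
    Write-Output 'All configured DNS resolvers are on the allow-list.'
}
```

Run it from an elevated PowerShell session; a resolver that appears in NameServer on a DHCP-configured interface is worth a closer look, since a static entry overrides what DHCP handed out.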
Symptoms of a TDSS Rootkit-Infected System
What makes the TDSS rootkit so damaging is the fact that systems infected with it may not always exhibit symptoms. But when they do, they tend to behave in a variety of ways. For example, some TDSS-infected systems boot with their keyboards disabled. Others might invoke unwarranted prompts for operating system upgrades. Symptoms of TDSS infections ultimately depend on the attacker, which is why they might be suppressed—particularly when anonymity is the foremost goal.
TDL-4 is the latest iteration of the malicious TDSS rootkit. Its predecessor, TDL-1, first appeared in the wild in 2008 and was discovered by Kaspersky Lab. Subsequent versions have since been released—each arguably more formidable than the last.
How to Protect Your System from Rootkits
As previously mentioned, rootkits are notoriously stealthy and difficult to detect. The same is true for the TDSS rootkit, which has matured, perhaps in lockstep with the increasing awareness of cybersecurity. Fortunately, anti-virus software like Windows Defender and Kaspersky’s TDSSKiller are proven solutions in combating it. Both packages offer free and premium versions.
Running and maintaining up-to-date security software is critical for avoiding any type of virus infection. Enabling firewall protection and other layers of security also helps. Another less well-known technique is limiting user privileges: this alone can limit the impact a single user account can have on an entire system.
But nothing is perhaps more important than thwarting breaches that are socially engineered. Exercising restraint and caution when browsing and downloading files can reduce the risk of virus and rootkit infections of all kinds. Websites and peer-to-peer networks that host pirated content (such as software, video, MP3 audio, and movies) have at some point or another served as breeding grounds for TDSS rootkits, so steering clear of these will also greatly reduce your exposure. Finally, strong passwords and frequent password changes are not only good practice, but time-tested strategies for ensuring safe user experiences.