TDSS is not only one of the most important bots at the moment in terms of infection count, but also one of the most sophisticated. It has a hidden partition on the infected machine that hosts the code to subvert the OS before it starts, it can infect both 32- and 64-bit versions of Windows 7 and comes with a peer-to-peer communication model between the infected client and the C&C server.
Its complexity and efficiency have made TDSS extremely popular in the cyber underworld. Many current malicious operations are â€œpowered byâ€clones of TDSS/TDL4 which now appears to be sold as a service.
The increasing number of infections with TDSS variants such as Pihar.A, Pihar.B, Sst.A and Sst.B (MAXSS) prompted us to update the removal tool we published in August. The new tool is able to detect and clean infections with all known clones of TDSS and can be downloaded for free from the Downloads Page of Malware City.
All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.
This removal tool is available courtesy of Mihail Andromic, malware researcher.