Hengelo, The Netherlands, August 27, 2010 - With the discovery of a new variant of the advanced TDL3 rootkit, 64-bit Windows systems appear vulnerable to infection by this rootkit.
The TDL3 rootkit has been infecting millions of computers worldwide since October 2009 and causes headaches for the market-leading security vendors. The rootkit buries itself deep inside Windows, where most antivirus programs are unable to detect it, simply because they think the malware is part of the operating system.
The new variant of the TDL3 rootkit is unique because it is now also able to infect 64-bit Windows by modifying the Master Boot Record (MBR) on the hard disk. From there it is able to intercept and modify startup routines so it can load its own driver. This 64-bit TDL3 rootkit bypasses two security barriers that are specific to 64-bit Windows systems and underpin their security and stability: PatchGuard and the check on signed drivers, a requirement on 64-bit Windows.
In February 2010 the TDL3 rootkit caused many computer crashes due to a conflict with a Microsoft security update. Thousands of computers crashed. The professional criminals behind the TDL3 rootkit quickly modified their code and 'solved the problem'.
Dutch security vendor SurfRight is following the development of the TDL3 rootkit carefully. Their second-opinion antivirus program Hitman Pro is designed to detect and remove known and unknown threats, especially where the market-leading vendors are lacking a solution. Statistics from SurfRight show that 67% of the TDL3-infected systems had antivirus software installed. 31% of the threats that Hitman Pro finds daily are TDL3 rootkit infections.
The TDL3 rootkit is also known as the "Google Redirect Virus". While surfing the Internet, the TDL3 rootkit redirects search results to malicious webpages that infect the computer with Trojans, spyware and other malicious programs (malware). Most security programs are able to block or remove these new threats, but the TDL3 rootkit itself remains invisible and is ready to infect the computer again.
Hitman Pro 3 can scan a computer in only a few minutes from a USB Flash Drive, CD/DVD, local or network attached hard drive and will quickly reveal the presence of any malware using a Behavioural Scan. The actual verification of these potential malware files is then done on the Hitman Pro servers, the "Scan Cloud", which incorporates a hosted multi-vendor scanning service. Hitman Pro 3 uses 7 different antivirus programs to analyse the suspicious files.
Hitman Pro 3 can be used in addition to your existing antivirus program. Scanning your PC is free so Hitman Pro 3 is an ideal solution to check if your current antivirus program is protecting you sufficiently. A free version can be downloaded from www.hitmanpro.com
SurfRight B.V. was founded in 2008, based on the freeware project Hitman Pro 1 and 2 with a user base of more than 3 million users. SurfRight is dedicated to the development of smart, efficient and user-friendly security solutions for the average computer user. Hitman Pro 3 and the Caretaker product family include solutions against unsolicited mail (spam), online fraud (phishing), viruses and other malware.
Links:
http://www.youtube.com/watch?v=rMS-kxbo5fc (Hitman Pro detects 64-bit TDL3 rootkit)