Hitman Pro detects 64-bit variant of TDL3 rootkit

Since build 79 (released on November 30, 2009), Hitman Pro has been capable of detecting and removing the highly sophisticated TDL3 rootkit. Since then the rootkit has changed a dozen times to counteract the tools that were able to remove it.

A few days ago the TDL3 rootkit authors gave their creation a major update: support for 64-bit Windows.

64-bit Windows has always been a problem for rootkits, because PatchGuard gives 64-bit Windows additional protection against this class of malware. Well, no longer: the TDL3 rootkit has taken the leap to 64-bit!

We have made a video to illustrate that the 64-bit TDL3 rootkit works on Windows 7 Professional x64 and how it is detected (*) by Hitman Pro.

Our statistics show that this 64-bit rootkit is not yet widespread, mainly because it is unstable and needs more work. But you can expect the authors to improve their creation over the next few weeks, starting a new chapter in rootkit history.

*) The current build of Hitman Pro is not yet capable of removing the 64-bit TDL3 infection.
