Saturday, August 21, 2010

How to check if your antivirus software can detect TDSS rootkit

Kaspersky has explained very clearly in its blog how the TDSS rootkit infects a computer's boot sector so that it is loaded before the operating system. Kaspersky also provides a way to remove TDSS: its free rootkit remover, "TDSS Killer", which you can download from the Kaspersky website.

Our interest in this post is not removing the rootkit but testing how well the antivirus software you currently use detects the presence of this malware on websites. If you use Kaspersky Anti-Virus or Internet Security, it will automatically block these websites because they are already listed in Kaspersky's blacklist database. If you use Norton, ESET, McAfee, Panda or any other antivirus software, I am not sure whether it will block them, so you have to test it yourself. Below are three botnet command-and-control (C&C) websites that serve the TDSS rootkit:
  • zz87jhfda88.com (119 infected users recorded)
  • d45648675.cn (108 infected users recorded)
  • 873hgf7xx60.com (243 infected users recorded)
If your antivirus software is unable to detect or block these websites, or the malware bypasses its detection without any warning, your computer will very likely be infected by the TDSS rootkit, so run this test on a disposable machine or virtual machine rather than the system you work on. If you do get infected, you can still remove the rootkit with Kaspersky's "TDSS Killer".
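Before pointing a browser at a live C&C domain, it is worth knowing whether the name is already stopped at the resolver (a hosts-file entry or a DNS sinkhole), because in that case the antivirus's web filter is never exercised and the test tells you nothing about it. The script below is an added example and is not part of the original post or of any Kaspersky tool: it parses a hosts file, looks each of the three domains up the way the OS resolver would (hosts first, then DNS), and reports whether the name is unresolvable, blocked at the DNS layer, or reachable, meaning only a web-layer filter such as the AV can still block the connection. The hosts-file paths and the "blocking" address ranges are assumptions for the example; it never opens an HTTP connection to the domains.

```python
"""Classify how known-bad domains resolve on this machine (added example)."""
import ipaddress
import os
import socket
from typing import Dict, Iterable, Optional

# The three C&C domains named in the post.
TDSS_CC_DOMAINS = ["zz87jhfda88.com", "d45648675.cn", "873hgf7xx60.com"]

# Assumption for the example: addresses in these ranges mean "blocked, never
# reached" (hosts-file style entries). Add your resolver's sinkhole range here.
BLOCKING_NETWORKS = [
    ipaddress.ip_network("0.0.0.0/32"),
    ipaddress.ip_network("127.0.0.0/8"),
]

# Assumed default hosts(5) locations; override with HOSTS_FILE if yours differs.
HOSTS_PATHS = {
    "nt": r"C:\Windows\System32\drivers\etc\hosts",
    "posix": "/etc/hosts",
}


def parse_hosts(text: str) -> Dict[str, str]:
    """Parse hosts(5) text into {hostname: address}, ignoring comments and blanks."""
    table: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed line: address without a name
        addr, *names = fields
        for name in names:
            table[name.lower().rstrip(".")] = addr
    return table


def classify_address(addr: Optional[str]) -> str:
    """Map a resolution result to a verdict.

    None            -> 'unresolvable'   (NXDOMAIN, dead domain, or no network)
    blocking range  -> 'blocked-by-dns' (hosts entry or sinkhole; AV filter untested)
    anything else   -> 'reachable'      (only a web-layer filter can block it now)
    """
    if addr is None:
        return "unresolvable"
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in BLOCKING_NETWORKS):
        return "blocked-by-dns"
    return "reachable"


def lookup(domain: str, hosts: Dict[str, str]) -> Optional[str]:
    """Resolve like the OS does: hosts file first, then DNS; None if nothing answers."""
    key = domain.lower().rstrip(".")
    if key in hosts:
        return hosts[key]
    try:
        return socket.gethostbyname(key)
    except socket.gaierror:
        return None


def check_domains(domains: Iterable[str], hosts_text: str) -> Dict[str, str]:
    """Return {domain: verdict} for every domain, using the given hosts(5) text."""
    hosts = parse_hosts(hosts_text)
    return {d: classify_address(lookup(d, hosts)) for d in domains}


def load_system_hosts() -> str:
    """Read the local hosts file; an unreadable file just means 'no local entries'."""
    path = os.environ.get("HOSTS_FILE") or HOSTS_PATHS.get(os.name, "/etc/hosts")
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return ""


if __name__ == "__main__":
    for domain, verdict in check_domains(TDSS_CC_DOMAINS, load_system_hosts()).items():
        print(f"{domain:20s} {verdict}")
```

Only a domain reported as "reachable" is a meaningful test of the antivirus: for the other two verdicts the browser never gets as far as the web filter, so a "not blocked" result there would be misread.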

Try this at your own risk!!