Posts Tagged ‘TDL4’

ESET LogoWhat do Win32/Redyms and TDL4 have in common?

The substitution of the results of search queries in search engines.

Since the beginning of 2013 ESET’s analytics started tracking interesting family of Trojans – Win32/Redyms. This threat is notable that uses the technique of substituting the results of search queries search engines. We have established that it is the most widely received in the U.S. and Canada. In these countries cybercrime market offers the highest price for the redirection (clicks) user search engines to malicious or advertising resources.

Leading Analyst ESET Alexander Matrosov performed deep analysis Win32/Redyms. The result revealed the similarity of this malicious code to another program – Win32/Agent.TJO, which is also known as part of the family Olmarik/TDL4. Win32/Agent.TJO is a trojan user mode, based on the mechanism of clicker a component of TDL4. And TDL4, and Win32/Agent.TJO, and Win32/Redyms use similar mechanisms to control network traffic, which is the browser. For traffic bot captures several features of the library Microsoft Windows Socket Provider (mswsock.dll): (more…)