Aleksandr Matrosov is a Senior Malware Researcher at ESET. He is also a Lecturer in Cryptology and Discrete Mathematics at the National Nuclear Research University MEPhI. He specializes in the analysis of malicious threats and cybercrime activity.
Eugene Rodionov is a malware researcher for ESET. Rodionov also holds the position of Lecturer at the National Nuclear Research University MEPhI in Russia. His interests include kernel-mode programming, anti-rootkit technologies, reverse engineering and cryptology.
David Harley is a Senior Research Fellow at ESET. He is a Director of the Anti-Malware Testing Standards Organization, Chief Operations Officer at AVIEN, and CEO of Small Blue-Green World. He is a Fellow of the BCS Institute and holds qualifications in security management, service management (ITIL), BSI security audit and medical informatics.
The final installment of the 3-part series covers loading the bootkit previously discussed in part
For this second part of the series, we look in more depth at the internals of the malware, starting with the user-mode implementation of the
In the two years since the Win32/Olmarik family of malware programs (also known as TDSS, TDL and Alureon) started to evolve, its authors have implemented