TDL4 rootkit can be modified to pwn any security product, Bromium researchers discover
John E Dunn |
April 30, 2014
Kernel mode rootkits are more viable than has been realised and could be used to bypass more or less any security product in existence, researchers at Bromium have discovered after conducting a proof-of-concept attack using a modified variant of the infamous TDL4 malware.
Bromium's motivation in pointing this out is, of course, to advertise its own Citrix Xen-based micro-virtualisation approach to the desktop security problem.