Finding the TDSS authors and affiliates ---- An Analysis

Although it is a mystery who created TDSS, there are some interesting strings in some of TDSS's files.

Let's start with this one.

If we open the file in notepad, we see this somewhere:

Comments Thanks to Edin Kadribasic, Marcus Boerger, Johannes Schlueter

FileVersion 0
InternalName php.exe |$ LegalCopyright Copyright 1997 - 2007 The PHP Group 0 LegalTrademarks PHP 8 OriginalFilename php.exe PrivateBuild 8 ProductName PHP php.exe 2 ProductVersion 5.2.11 SpecialBuild URL D VarFileInfo $ Translation Z y D @ M u . ? / $ !

Hmm... Interesting, let's have a look at what else is in there:

Determination that is incorruptible.
From the other side.
A terror to behold.
Kaspersky AV Suxx :) and so others are p@ p@ @@ yyyA @ A @H3 T3

Other than that there is a site called Defunct) which pays about $0.15 for each infection.
Here is an invite code if you want to sign up and analyze the samples: eb168ac02f39c017c390503fb6069165

Take a typical botnet with 200000 infected machines. If all of the machines were given the piece of software, the botnet owner would earn $30000.
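
Notepad shows the version fields above with gaps and stray characters because a PE version resource stores its text as UTF-16LE inside length-prefixed records. The sketch below is an added example, not code from the original post: it extracts ASCII and UTF-16LE strings and pairs version-info keys with their values. The sample bytes are constructed from strings quoted above, and the function names are hypothetical.

```python
import re
import struct

# Printable ASCII runs, and the same characters stored as UTF-16LE (char + 0x00),
# which is how a Windows version resource stores its text.
ASCII_RE = re.compile(rb"[\x20-\x7e]{4,}")
UTF16_RE = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")

VERSION_KEYS = {"Comments", "FileVersion", "InternalName", "LegalCopyright",
                "LegalTrademarks", "OriginalFilename", "PrivateBuild",
                "ProductName", "ProductVersion", "SpecialBuild"}

def extract_strings(data):
    """Return (offset, encoding, text) for each ASCII and UTF-16LE run, by offset."""
    found = [(m.start(), "ascii", m.group().decode("ascii"))
             for m in ASCII_RE.finditer(data)]
    found += [(m.start(), "utf-16le", m.group().decode("utf-16-le"))
              for m in UTF16_RE.finditer(data)]
    return sorted(found)

def version_fields(strings):
    """Pair each known version-info key with the UTF-16LE string that follows it."""
    wide = [text for _, enc, text in strings if enc == "utf-16le"]
    return {key: value for key, value in zip(wide, wide[1:])
            if key in VERSION_KEYS and value not in VERSION_KEYS}

def _entry(key, value):
    """Constructed, simplified String record: three length/type words, key, value."""
    body = (key + "\0" + value + "\0").encode("utf-16-le")
    # The first word is the record length; small values land in the printable
    # range, so a text editor shows them as stray characters between fields.
    return struct.pack("<HHH", 6 + len(body), len(value) + 1, 1) + body

# Constructed sample bytes (not a real TDSS file), reusing strings quoted above.
SAMPLE = (b"MZ\x90\x00" + b"Determination that is incorruptible.\x00"
          + _entry("InternalName", "php.exe")
          + _entry("PrivateBuild", "")
          + _entry("OriginalFilename", "php.exe")
          + _entry("ProductVersion", "5.2.11"))

if __name__ == "__main__":
    for offset, enc, text in extract_strings(SAMPLE):
        print(f"{offset:#06x} {enc:9} {text}")
    print(version_fields(extract_strings(SAMPLE)))
```

An ASCII-only strings pass would miss every version field in this sample, which is why both encodings are scanned.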

OMG! And this gets a place on title page?

The lack of interesting contents is terrible.

Censorship sucks.

I agree with you...

... on your deleted comment and this one! Shame though, because you do contribute to this site, with the BSA info.

Sorry about that. You two are right, I have fixed the problem. Please accept my apologies.

Karma +1 Danny

Noted :)

Notepad is great, but better use any viewer :)