Unveiling the Network Criminal Infrastructure of TDSS/TDL4 – DGAv14: A case study on a new TDSS/TDL4 variant

In the last few months, Damballa Labs, in collaboration with the Georgia Tech Information Security Center (GTISC), has been tracking what appears to be a new iteration of TDSS/TDL4. This variant uses Domain Generation Algorithm (DGA) tactics not only to locate its command-and-control (C&C) domain names and establish the C&C channel, but also to serve its click-fraud activity.
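To make the C&C rendezvous mechanism concrete, here is an added example (not code from the original post, and not TDL4's actual DGA, whose seed, hashing scheme and label alphabet are all hypothetical here). Both the bot and the operator derive the same ordered candidate list from a shared seed and the current date; the operator registers one of them, and the bot walks the list until a name resolves. The DNS answers are a constructed stub so the example runs offline.

```python
import hashlib


def dga_candidates(day_iso: str, seed: str, count: int = 50, tld: str = ".com"):
    """Return `count` deterministic candidate domains for the date `day_iso`.

    Hypothetical scheme: SHA-256 over seed|date|index, first 12 hex digits
    mapped onto the letters a-p so the label looks like a DNS name.
    This is NOT TDL4's real algorithm; it illustrates the technique only.
    """
    domains = []
    for i in range(count):
        material = f"{seed}|{day_iso}|{i}".encode()
        digest = hashlib.sha256(material).hexdigest()
        label = "".join(chr(ord("a") + int(c, 16)) for c in digest[:12])
        domains.append(label + tld)
    return domains


def rendezvous(candidates, resolve):
    """Bot side: try candidates in order; return (domain, ip) for the first
    one that resolves, or None if none of them does. `resolve` is injected so
    the caller controls DNS (a stub here, a real resolver in practice)."""
    for domain in candidates:
        ip = resolve(domain)
        if ip:
            return domain, ip
    return None


def demo(day_iso: str = "2012-09-01", seed: str = "example-seed"):
    """Simulate one day: the operator registers the 8th candidate, the bot
    finds it. Returns the data so it can be checked rather than just printed."""
    candidates = dga_candidates(day_iso, seed)
    # Operator side: the same list, from the same seed and date.
    registered = dga_candidates(day_iso, seed)[7]
    # Constructed DNS stub: only the registered name has an A record.
    dns_stub = {registered: "10.0.0.1"}
    found = rendezvous(candidates, dns_stub.get)
    return {"candidates": candidates, "registered": registered, "found": found}


if __name__ == "__main__":
    result = demo()
    print("first candidates:", result["candidates"][:3])
    print("operator registered:", result["registered"])
    print("bot reached C&C at:", result["found"])
```

Two properties matter for defenders: the list changes every day, so blocking a single name is pointless, and the bot tries many names that do not exist, so a burst of NXDOMAIN answers for look-alike labels from one host is the observable side effect to hunt for in passive DNS.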

Saturday, September 1, 2012