NEW ARTICLES
"Bootkits - a new stage of development", (IN)Secure, November 2010
The article provides in-depth analysis of new MBR infectors: Alipop, Mebratix, and Black Internet.
Click here to download the issue

"TDSS botnet – full disclosure. Part II", Hakin9, December 2010
After breaking into the world's biggest botnet, which was covered in the previous issue of Hakin9, we performed a thorough analysis of the botnet's internal logic.
Click here to download the issue

"Case study: the Ibank trojan", Virus Bulletin, December 2010
Disclosing the technology behind online banking fraud with an in-depth analysis of the prevalent trojan which targets a wide variety of Russian online banking technologies.
The article is available to Virus Bulletin subscribers.

Questions, feedback and discussion are much appreciated.
NEW ARTICLE
"TDSS botnet: full disclosure" article has been published in Hakin9 #10/2010. This is part one of the complete writeup about breaking into the botnet and analyzing its inner workings.

Download or view the issue (page 18)
TDSS REMOVER UPDATE
TDSS Remover version 1.8 released.
New in this version:
  • Bootkit.TDSS detection and removal
  • x64 operating system support.
Download here
TDSS REMOVER REPORT + UPDATE
1. A quarterly report (2010 Q1) of TDSS Remover usage and TDSS-related activity in the wild will be published in the Virus Bulletin Magazine, May 2010.
2. TDSS Remover version 1.7.5.1 released.
Major updates:
  • successful disinfection of the latest TDSS malware (TDL 3.273)
  • added a tool to decode the rootkit's encrypted file system.
Download here
TDSS REMOVER UPDATE
TDSS Remover version 1.7 released.
New features since version 1.6:
  • successful disinfection of the latest TDSS malware (TDL3.27)
  • no more VMProtect (smaller file size, fewer antivirus false positives, happier reversers :))
  • "/uninstall" command line option
  • "Scan at VirusTotal.com" context menu option
  • a panel with links.
Download here
TDSS REMOVER UPDATE
Rootkit.Win32.TDSS Remover version 1.6 released.
New features:
  • disinfection of the TDL3 rootkit
  • saving found objects to a custom folder
  • optional sending of statistics and infected objects to our server.
Download here
NEW ARTICLE
Virus Bulletin Magazine, November 2009: DETECTING BOOTKITS.
A few years after the first appearance of this type of malware, Alisa Shevchenko and Dmitry Oleksiuk set out to find out whether anti-virus software has learned to cope successfully with Mebroot and with MBR infectors in general.
Link for VB subscribers
NEW ANTIVIRUS TOOL
A free antivirus tool providing generic detection and disinfection of known and unknown bootkits (such as Sinowal/Mebroot/MaosBoot, Stoned Bootkit, etc.) has been released.
Read more or download the archive
TDSS REMOVER TECHNOLOGY PAPER
"Everybody lies: reaching after the truth while searching for rootkits"
  Virus Bulletin magazine, August 2009
The article covers a simple and efficient, yet rarely used, method of revealing objects hidden by rootkits. The described method is part of the TDSS Remover technology.
TDSS REMOVER UPDATE
New in version 1.4: improved hidden files scan, added full Windows 7 support. Minor bugs fixed.
Download TDSS remover v1.4
NEW OPEN SOURCE TOOL
IOCTL Fuzzer - a fuzzing utility for vulnerability assessment of Windows drivers.
Download the archive
Read more at the Projects page
Browse source at Google code.
NEW ANTIVIRUS UTILITY RELEASE
The TDSS rootkit removal tool has been put online. Download the archive now, or read more about the release.
NEW ARTICLES PUBLISHED
"CASE STUDY: TDSS ROOTKIT"
Virus Bulletin magazine, May 2009

"ADVANCED MALWARE TECHNIQUES 2008"
Virus Bulletin magazine, January 2009

SPEAKING AT RUSCRYPTO'2009
On April 4 we will be speaking at RusCrypto, a Moscow-based security conference. We will be discussing methods of defeating software protection by means of bypass techniques (Alisa) and vulnerability exploitation (Dmitry).

Update: the presentations are available in Russian.