F-Secure's team of researchers do a great job of dissecting yet another piece of malware. This time it's TDL3, an example of increasingly complex and carefully architected software. F-Secure's analysis of this bot shows some interesting trends:

- The code uses low-level disk access to prevent its detection by file-scanning tools, and to provide itself with full disk access
- The implementation of an encrypted file-system within a protected area of the infected machine's disk
- The hooking of browser processes and forwarding of search terms to the bot's C&C servers

Interesting read.