TDSS is a wide-spread rootkit which forms a powerful botnet. TDSS is studied pretty well today. Howewer, no studies include anything beyond analysis of binary code and common attack vectors. Main goal of this article is to fill this gap in the IT security knowledge base by uncovering the TDSS botnet mechanisms.