There's A Botnet Called TDL-4 That's Virtually Indestructible

TDSS is a trojan virus that infects computers and installs the TDL-4 program, which makes said computer part of a botnet 4.5 million machines strong. TDL-4 is extremely difficult to detect and eliminate. One expert at Kaspersky Labs says TDL-4 is "practically indestructible".

What's the magic behind TDL-4? It's a combination of two things. The first, according to Kaspersky Labs, is that it's installed as a bootkit outside of your operating system, making it hard to detect:

Just like Sinowal, TDL-4 is a bootkit, which means that it infects the MBR in order to launch itself, thus ensuring that malicious code will run prior to operating system start. This is a classic method used by downloaders which ensures a longer malware lifecycle and makes it less visible to most security programs.

TDL nimbly hides both itself and the malicious programs that it downloads from antivirus products. To prevent other malicious programs not associated with TDL from attracting the attention of users of the infected machine, TDL-4 can now delete them. Not all of them, of course, just the most common.
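The quoted passage describes the bootkit technique: malicious code written into the MBR so that it runs before the operating system. One thing a defender can do about that is check the boot sector against a known-good record. The script below is an added example, not code from Kaspersky or from this article: it parses a 512-byte MBR, validates the 0x55AA boot signature and the partition table, and compares a SHA-256 digest of the boot-code region with a previously recorded baseline, reporting any difference. The sample sectors, the placeholder boot code and the baseline digest are all constructed here for illustration; a real check would read sector 0 of the system disk from a privileged process.

```python
import hashlib
import struct
from dataclasses import dataclass

MBR_SIZE = 512
BOOT_CODE_END = 446           # bytes 0..445 hold the boot loader code
PARTITION_TABLE_OFFSET = 446  # four 16-byte partition entries follow
SIGNATURE_OFFSET = 510        # bytes 510..511 must be 0x55 0xAA

# Layout of one partition entry: status, CHS start (3 bytes, ignored),
# type id, CHS end (3 bytes, ignored), LBA start, sector count (little-endian).
ENTRY_FORMAT = "<B3xB3xII"


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int


def parse_partitions(mbr: bytes) -> list[Partition]:
    """Decode the four partition-table slots, skipping empty ones (type 0)."""
    parts = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * 16
        status, ptype, lba_start, count = struct.unpack_from(ENTRY_FORMAT, mbr, off)
        if ptype == 0:
            continue
        parts.append(Partition(i, status == 0x80, ptype, lba_start, count))
    return parts


def boot_code_digest(mbr: bytes) -> str:
    """SHA-256 of the boot-code region only; the partition table may legitimately change."""
    return hashlib.sha256(mbr[:BOOT_CODE_END]).hexdigest()


def check_mbr(mbr: bytes, baseline_digest: str) -> list[str]:
    """Return a list of findings; an empty list means the sector matches the baseline."""
    if len(mbr) != MBR_SIZE:
        return [f"unexpected sector length {len(mbr)}"]
    findings = []
    if mbr[SIGNATURE_OFFSET:] != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")
    if boot_code_digest(mbr) != baseline_digest:
        findings.append("boot code differs from recorded baseline")
    bootable = [p for p in parse_partitions(mbr) if p.bootable]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} partitions flagged bootable (expected 1)")
    return findings


def build_sample_mbr(boot_code: bytes, partitions: list[tuple]) -> bytes:
    """Assemble a constructed test sector (helper for this example only)."""
    sector = bytearray(MBR_SIZE)
    sector[:len(boot_code)] = boot_code
    for i, (status, ptype, lba, count) in enumerate(partitions):
        struct.pack_into(ENTRY_FORMAT, sector, PARTITION_TABLE_OFFSET + i * 16,
                         status, ptype, lba, count)
    sector[SIGNATURE_OFFSET:] = b"\x55\xaa"
    return bytes(sector)


# Constructed "clean" sector: placeholder NOP boot code, one bootable NTFS (0x07) partition.
CLEAN_MBR = build_sample_mbr(b"\x90" * 32, [(0x80, 0x07, 2048, 1_000_000)])
BASELINE = boot_code_digest(CLEAN_MBR)  # what an admin would record on a known-good machine

# Constructed "tampered" sector: same partition table, boot code overwritten.
TAMPERED_MBR = build_sample_mbr(b"\xeb\xfe" + b"\x00" * 30, [(0x80, 0x07, 2048, 1_000_000)])


if __name__ == "__main__":
    for name, sector in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(name, check_mbr(sector, BASELINE) or "OK")
```

Reading the real sector 0 needs administrative rights (the raw device is `\\.\PhysicalDrive0` on Windows or `/dev/sda` on Linux). Because the article notes that TDL hides itself from security software running on the infected machine, the comparison is most trustworthy when the sector is read after booting from known-clean media rather than from inside the possibly infected system.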

The second aspect, according to Computer World, is TDL-4's ability to use the public KAD p2p network while keeping servers encrypted and anonymous.

What makes the botnet indestructible is the combination of its advanced encryption and the use of a public peer-to-peer (P2P) network for the instructions issued to the malware by command-and-control (C&C) servers.

"The way peer-to-peer is used for TDL-4 will make it extremely hard to take down this botnet," said Roel Schouwenberg, senior malware researcher at Kaspersky, in an email reply Tuesday to follow-up questions. "The TDL guys are doing their utmost not to become the next gang to lose their botnet."

TDL-4 infected those 4.5 million computers in the first three months of 2011 alone, which means that it's extremely effective. And while the effects on your own machine might be minimal, your computer could be used to carry out DDoS attacks and other things like that. Beware. [SecureLabs via ComputerWorld via Slashdot]


Comments

    I don't really care if my computer is used as part of a botnet... wait, there is something funny going on.

    :)

    Just don't try and take my information, or ruin my PC.

    Sharing is caring.

    Will reformatting the drive wipe it from the computer? And who wants the AFP or FBI knocking down your door and saying you're a member of such and such hacker group.... and them nicking all your "media"

    As long as it's used for a good cause..

    It's already infected 1 in 64 Australian PCs according to these stats:
    http://www.internetsecuritydb.com/2011/06/tdl-4-botnet-statistics.html

    scary

    So my question is do we know which antivirus programs can detect and remove it? I really don't like the idea that something like this could be hidden in my PC... :S
