"Indestructible" botnet wipes out other malware
By Nicole Kobie
Posted on 30 Jun 2011 at 10:35
Researchers have described a botnet-building piece of malware as "the most sophisticated threat today".
The botnet and the malware that creates it are both called TDL-4, but also known as TDSS and Alureon. Once installed, TDL also infects computers with other malicious software such as adware and spambots. It has infected 4.5 million computers, a third of which are in the US, and 5% in the UK.
Researcher Sergey Golovanov said "the decentralised, server-less botnet is practically indestructible".
One reason the botnet is so difficult to take down is that communications between the infected computers and the command and control centre are encrypted; the botnet can also be controlled via P2P in case the control servers are knocked offline.
"The owners of TDL are essentially trying to create an ‘indestructible’ botnet that is protected against attacks, competitors, and antivirus companies," Golovanov said on the Kaspersky site.
The malware loads when the computer is booting, making it more difficult for antivirus software to spot. TDL also removes 20 other types of malware.
"TDL nimbly hides both itself and the malicious programs that it downloads from antivirus products," Golovanov said. "To prevent other malicious programs not associated with TDL from attracting the attention of users of the infected machine, TDL-4 can now delete them. Not all of them, of course, just the most common."
Infected machines can also be used by criminals to create proxy servers - which TDL's creators offer as a service for $100/month, complete with a Firefox add-on to make it easier to use.