This sure looks like a nasty piece of work.
A new and improved botnet that has infected more than four million PCs is “practically indestructible,” security researchers say.
“TDL-4,” the name for both the bot Trojan that infects machines and the ensuing collection of compromised computers, is “the most sophisticated threat today,” said Kaspersky Labs researcher Sergey Golovanov in a detailed analysis Monday.
“[TDL-4] is practically indestructible,” Golovanov said.
. . .
TDL-4 infects the MBR, or master boot record, of the PC with a rootkit — malware that hides by subverting the operating system. The master boot record is the first sector — sector 0 — of the hard drive, where code is stored to bootstrap the operating system after the computer’s BIOS does its start-up checks.
Because TDL-4 installs its rootkit on the MBR, it is invisible to both the operating system and, more importantly, security software designed to sniff out malicious code.
But that’s not TDL-4’s secret weapon.
What makes the botnet indestructible is the combination of its advanced encryption and the use of a public peer-to-peer (P2P) network for the instructions issued to the malware by command-and-control (C&C) servers.
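The excerpt above explains what the MBR is (sector 0, 512 bytes: bootstrap code, a four-entry partition table, and the 0x55AA boot signature) but not how you would check one. The script below is an added example, written for this post and not taken from the Computerworld article or from Kaspersky's analysis: it parses a 512-byte MBR image, validates the boot signature, decodes the partition table, and compares a SHA-256 of the 446 bytes of boot code against a known-good baseline, which is the check an MBR bootkit trips when it overwrites that code. The "clean" and "tampered" images, the baseline hash, and the `read_mbr` path handling are constructed for the example; a real baseline is the hash of sector 0 taken from a known-clean disk.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446            # bytes 0..445: bootstrap code the BIOS jumps into
PART_TABLE_OFF = 446           # bytes 446..509: four 16-byte partition entries
PART_ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xAA"   # bytes 510..511: must be present or BIOS won't boot it


def parse_partition_table(mbr: bytes) -> list:
    """Decode the four MBR partition entries into dicts."""
    entries = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        # status(1) CHS-start(3, skipped) type(1) CHS-end(3, skipped) LBA-start(4) sectors(4), little-endian
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        entries.append({
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return entries


def check_mbr(mbr: bytes, baseline_boot_hash: str) -> dict:
    """Validate an MBR image and compare its boot code with a known-good hash.

    'boot_code_modified' is the finding an MBR bootkit produces: it rewrites
    the bootstrap code while leaving the partition table and signature intact
    so the machine still boots normally.
    """
    if len(mbr) != SECTOR_SIZE:
        raise ValueError(f"expected a {SECTOR_SIZE}-byte sector, got {len(mbr)} bytes")
    boot_hash = hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()
    return {
        "valid_signature": mbr[510:512] == BOOT_SIGNATURE,
        "boot_code_sha256": boot_hash,
        "boot_code_modified": boot_hash != baseline_boot_hash,
        "partitions": parse_partition_table(mbr),
    }


def read_mbr(path: str) -> bytes:
    """Read sector 0 from a raw device or disk image (hypothetical path, e.g. a .img file)."""
    with open(path, "rb") as f:
        return f.read(SECTOR_SIZE)


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample: given boot code, one active NTFS partition at LBA 2048, signature."""
    boot = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 2 * 1024 * 1024)  # active, type 0x07, 1 GiB
    table = entry + b"\x00" * (PART_ENTRY_LEN * 3)
    return boot + table + BOOT_SIGNATURE


# Constructed stand-in for a clean loader's boot code (cli / xor ax,ax / mov ss,ax / mov sp,7C00h / sti, then NOPs).
CLEAN_BOOT_CODE = b"\xFA\x33\xC0\x8E\xD0\xBC\x00\x7C\xFB" + b"\x90" * 100
BASELINE_HASH = hashlib.sha256(CLEAN_BOOT_CODE.ljust(BOOT_CODE_LEN, b"\x00")).hexdigest()

CLEAN_MBR = build_sample_mbr(CLEAN_BOOT_CODE)
# Constructed tampered image: the first bytes of boot code replaced with a jump, as a
# bootkit does to divert the boot path; partition table and signature left untouched.
TAMPERED_MBR = build_sample_mbr(b"\xEB\x58\x90" + CLEAN_BOOT_CODE[3:])

if __name__ == "__main__":
    for name, image in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        result = check_mbr(image, BASELINE_HASH)
        print(f"{name}: signature ok={result['valid_signature']} "
              f"boot code modified={result['boot_code_modified']}")
        for p in result["partitions"]:
            if p["type"] != 0:
                print("   partition:", p)
```

Two caveats that follow from the article's own point. The tampered image still has a valid signature and an untouched partition table, so a tool that only checks "does it boot" or "are the partitions sane" sees nothing; the hash of the boot code is the signal. And because a rootkit that already runs below the operating system can intercept reads of sector 0 and hand back the original bytes, run this against the disk from clean boot media rather than from the suspect system.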
TDL4 – Top Bot
Sophisticated TDL-4 Botnet Has 4.5 Million Infected Zombies
‘Indestructible’ rootkit enslaves 4.5m PCs in 3 months
TDL-4 creates 4.5 million PC ‘indestructible’ botnet
Security Researchers Discover the Mother of All Botnets
TDL-4: The ‘indestructible’ botnet?
There’s a Botnet Called TDL-4 That’s Virtually Indestructable
‘Indestructible’ Botnet Enslaves 4.5 Million PCs
‘Indestructible’ Zombie PC Botnet Borrows Exploit From Israeli, U.S. Cyberweapon
Have cybercriminals created the perfect botnet — undetectable and indestructible?
If you ever needed a reason and reminder to keep your operating system, anti-virus, and anti-spyware software patched and up to date, this would be a good one.
/remember, if you’re not part of the solution, you’re potentially part of the problem