TDL-4 botnet is 'practically indestructible,' 'the most sophisticated threat today'


A new piece of malware called TDL-4 has been named "the most sophisticated threat today" by Kaspersky Lab. In a detailed analysis, the security vendor estimated that the botnet built with TDL-4 has infected 4.5 million computers, noting that it is "practically indestructible." This sentiment was shared by Joe Stewart, director of malware research at Dell SecureWorks and an internationally known botnet expert. Stewart writes at Computerworld: "I wouldn't say it's perfectly indestructible, but it is pretty much indestructible."

In a nutshell, TDL-4 infects the master boot record (MBR) so that its code runs before the operating system and any security software have loaded. Communication with its command and control server is encrypted with an algorithm written by the malware's authors and carried over HTTPS, which makes the traffic hard to pick out with network traffic analysis.
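Because the infection lives in the first sector of the disk, the check a responder wants is a comparison of the current MBR against a known-good copy. The script below is an added example, not code from the original article or from Kaspersky's analysis: it parses a 512-byte MBR, validates the 0x55AA boot signature, walks the four partition entries, and compares a hash of the 446-byte boot-code region against a baseline hash. The sample sectors are constructed for the example, and the "patched jump" tampering is an illustrative assumption, not a description of TDL-4's actual boot code. Caveat: run it against a raw disk image or from clean boot media, since a rootkit that hides itself on a live system can hand the clean sector back to userland reads.

```python
import hashlib
import struct

# Layout of a classic (non-GPT) MBR: 446 bytes of boot code, four 16-byte
# partition entries, and the 0x55AA signature in the last two bytes.
MBR_SIZE = 512
BOOT_CODE_LEN = 446
PART_TABLE_OFF = 446
PART_ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xaa"


def parse_mbr(mbr: bytes) -> dict:
    """Validate the sector and return the boot-code hash plus partition entries."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE}-byte sector, got {len(mbr)}")
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")

    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        # status, CHS start, type, CHS end, LBA start, sector count (little-endian)
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
            "<B3sB3sII", mbr[off:off + PART_ENTRY_LEN]
        )
        if ptype == 0:  # empty slot
            continue
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
        })

    return {
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(mbr: bytes, baseline_boot_code_sha256: str) -> list:
    """Return a list of findings; an empty list means the sector matches the baseline."""
    try:
        info = parse_mbr(mbr)
    except ValueError as exc:
        return [f"malformed MBR: {exc}"]

    findings = []
    if info["boot_code_sha256"] != baseline_boot_code_sha256:
        findings.append("boot code differs from the known-good baseline")

    bootable = [p["index"] for p in info["partitions"] if p["bootable"]]
    if len(bootable) > 1:
        findings.append(f"more than one partition flagged bootable: {bootable}")
    for p in info["partitions"]:
        if p["lba_start"] == 0:  # a partition starting at LBA 0 overlaps the MBR itself
            findings.append(f"partition {p['index']} starts at LBA 0")
    return findings


# --- constructed sample data for the example (not taken from a real disk) ---
def _partition_entry(status: int, ptype: int, lba_start: int, sectors: int) -> bytes:
    # CHS fields are ignored by modern loaders; zeros are fine for a sample.
    return struct.pack("<B3sB3sII", status, b"\x00\x00\x00", ptype, b"\x00\x00\x00",
                       lba_start, sectors)


_CLEAN_BOOT_CODE = (bytes([0xFA, 0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C])
                    + b"\x00" * (BOOT_CODE_LEN - 8))
_PART_TABLE = _partition_entry(0x80, 0x07, 2048, 204800) + b"\x00" * (3 * PART_ENTRY_LEN)

SAMPLE_MBR = _CLEAN_BOOT_CODE + _PART_TABLE + BOOT_SIGNATURE
BASELINE_HASH = hashlib.sha256(_CLEAN_BOOT_CODE).hexdigest()  # taken from the clean sector

# Hypothetical tampered copy: the first bytes of the boot code are replaced by a
# short jump, the generic pattern of a bootkit diverting execution to its own loader.
TAMPERED_MBR = b"\xEB\x3C\x90" + SAMPLE_MBR[3:]


if __name__ == "__main__":
    for name, sector in (("clean", SAMPLE_MBR), ("tampered", TAMPERED_MBR)):
        print(name, check_mbr(sector, BASELINE_HASH) or "OK")
```

To use it on a real system, read the first 512 bytes of the physical disk (for example from a forensic image) into `mbr` and supply the baseline hash recorded when the machine was known to be clean; a hash mismatch is a reason to image the disk, not yet proof of TDL-4, since legitimate bootloader updates change the boot code too.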

A rootkit component hides TDL-4 and any malicious code that it downloads, and also actively seeks out about 20 of the most common malicious programs and deletes them. This anti-competitive streak ensures that no undesirable interactions with other malware occur, and reduces the chance of unwittingly tipping users off to the presence of an infection. Finally, to protect itself from takedown efforts, the TDL-4 botnet uses, of all things, the public Kad peer-to-peer network as a second channel for communication with its C&C servers. This means that operations like the one Microsoft (NASDAQ: MSFT) launched to take down Rustock, which worked by seizing that botnet's command and control servers, would not cripple TDL-4: the botnet would simply fall back on the P2P network to receive new commands.

So what does the TDL-4 malware do? Aside from downloading other malware into an infected system, TDL-4 manipulates search engine results for unknown gains, and is used by the botnet controller to sell anonymous Internet access at a cost of $100 per month.

For more:
- check out the full analysis from Securelist
- check out this article at Computerworld
- check out this article at CNET News

Related Articles:
Microsoft brings down Rustock spam botnet

New MBR rootkit infection thwarts repair efforts

Will 'digital delinquents' like LulzSec rule the Internet?