‘Indestructible’ Botnet Enslaves 4.5mn PCs

A new and sophisticated botnet has infected more than four million computers in just three months, and it is almost “indestructible”, say security researchers. The botnet, called TDL-4, targets PCs running Windows; it works hard to avoid detection and is even harder to shut down.

TDL-4 is the name for both the Trojan that infects machines and the network of compromised computers. “It is the most sophisticated threat today… practically indestructible,” Kaspersky Lab security researchers Sergey Golovanov and Igor Soumenkov stated in a detailed analysis released recently.

A botnet is a network of home PCs that have been infected by a virus that allows a cyber criminal to access them remotely. Botnet controllers steal data from victims’ PCs or use the machines to send out spam or conduct other attacks. In all, 4.5 million computers have become victims of TDL-4.

Its makers have created their own encryption system to protect communication between the infected machines and those controlling the botnet. This makes it hard to do a proper analysis of traffic between hijacked PCs and the botnet’s controllers.

The virus installs itself in a Windows system file known as the master boot record (MBR). This file holds the list of instructions to get a computer started and is a good place to hide because it is rarely scanned by standard anti-virus programs and the computer’s own security system.
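As an added illustration, not from the article or from Kaspersky’s analysis, here is the kind of baseline check that closes the scanning gap just described: parse the 512-byte MBR and compare its boot code and partition table against a copy taken from a known-clean system. The two MBR images are constructed for this demonstration and are not TDL-4 samples.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 446           # bytes 0-445: code that runs before Windows loads
PART_TABLE_OFF = 446          # bytes 446-509: four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510-511: marks the sector as bootable

def parse_mbr(sector: bytes) -> dict:
    """Split a raw MBR into hashed boot code, hashed partition table and parsed entries."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for slot in range(4):
        off = PART_TABLE_OFF + 16 * slot
        # status, 3-byte CHS start (skipped), type, 3-byte CHS end (skipped), LBA start, size
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0:  # type 0 means an unused slot
            partitions.append({"slot": slot, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partition_table_sha256": hashlib.sha256(sector[PART_TABLE_OFF:510]).hexdigest(),
        "partitions": partitions,
    }

def check_mbr(sector: bytes, baseline: dict) -> list:
    """Report which parts of a freshly read MBR differ from the known-clean baseline."""
    info = parse_mbr(sector)
    findings = []
    if info["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("boot code modified")
    if info["partition_table_sha256"] != baseline["partition_table_sha256"]:
        findings.append("partition table modified")
    return findings

def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed image: given boot code, one bootable NTFS-type partition, valid signature."""
    boot = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x00\x02", 0x07, b"\x00\x00\x00", 2048, 1_000_000)
    return boot + entry + b"\x00" * 48 + BOOT_SIGNATURE

CLEAN_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c")
# Same partition table, different boot code: the on-disk footprint of a boot-code infection.
PATCHED_MBR = build_sample_mbr(b"\xeb\x3c\x90\x90\x90\x90\x90\x90")
BASELINE = parse_mbr(CLEAN_MBR)

if __name__ == "__main__":
    print(check_mbr(CLEAN_MBR, BASELINE))    # []
    print(check_mbr(PATCHED_MBR, BASELINE))  # ['boot code modified']
```

On a real system the sector would come from reading the first 512 bytes of the physical disk, and the baseline would be stored somewhere the infected machine cannot rewrite.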

TDL-4 issues instructions to compromised machines over a public peer-to-peer (P2P) network instead of a centralised command system. This hampers analysis, as there are no command servers regularly communicating with infected PCs for investigators to identify.

