“Indestructible” Botnet Has Infected 4.5 Million PCs

According to Russian security experts at Kaspersky Labs, a botnet know at “TDL-4” has emerged as one of the most resilient, tenacious, and potentially dangerous botnets in existence. In a post on Kaspersky’s Securelist website, researchers Sergey Golovanov and Igor SoumenkovIn believe that the creators of TDL-4 are attempting to create an “indestructible” botnet.

Botnets are networks of computers that are infected with malware. The creators of the botnet can then collectively leverage the malware installed on all those PCs – sometimes called “Zombie PCs” -- to initiate large-scale distributed denial of service (DDoS) attacks to take down targeted websites, or use the infected PCs to gain access to other computers and networks. All of these activities can take place without the knowledge of the legitimate users of the computers included in the botnet.

The creators of TDL-4 have also leveraged a traditional business model for helping accelerate the creation and expansion of their botnet: an affiliate program. This program gives botnet enablers “between $20 to $200 for every 1,000 installations of TDL, depending on the location of the victim computer. Affiliates can use any installation method they choose. Most often, TDL is planted on adult content sites, bootleg websites, and video and file storage services.”

According to Golovanov and Soumenkovln, TDL-4  uses malware known as TDSS to effectively remove and nullify competing malware and malicious programs from an infected machine, much like traditional anti-virus or anti-malware software. The goal here isn’t a benevolent one, but rather an attempt to eliminate any competing programs from disrupting the actions of the botnet creators:

Golovanov and Soumenkovln go into exacting technical detail about how TDL-4 works, and what new features it offers over previous variants. Much like a professional software development organization, the creators of TDL-4 are continually refining and improving their code in an attempt to bypass and hide from security software, all while advancing the goals of the botnet creators. This aggressive, ongoing iteration and improvement has led to some very sophisticated malware and botnet techniques, which the Kaspersky researchers point out in their post:

It’s a sobering thought for IT administrators and security professionals tasked with keeping their networks and PCs safe, secure, and malware-free. Yet it also adds yet more emphasis on the need for everyone who has access to a PC to make sure their PCs are updated with the latest anti-virus and anti-malware software, protected with good passwords, and employed by users (and administrators) with a robust knowledge of IT security issues.

Feel free to add a comment to this blog post or start up a discussion on Twitter.

Follow Jeff James on Twitter at @jeffjames3

Follow Windows IT Pro on Twitter at @windowsitpro

Related Content: