Beware 'Practically Indestructible' Botnet

A new and improved botnet that has infected 4.5 million Windows PCs is "practically indestructible," security researchers say.

TDL-4, the name for both the bot Trojan that infects machines and the ensuing collection of compromised computers, is "the most sophisticated threat today," reported Kaspersky Labs researcher Sergey Golovanov late last month.

"[TDL-4] is practically indestructible," Golovanov said.

"It does a very good job of maintaining itself," agreed Joe Stewart, a botnet expert and director of malware research at Dell SecureWorks.

Golovanov and Stewart said TDL-4 has traits that make it extremely tough to detect, delete, suppress or eradicate. (See also 10 Quick Fixes for the Worst Security Nightmares

TDL-4 infects the master boot record of the PC with a rootkit, which makes it invisible to both the operating system and security software designed to sniff out malicious code.

What makes the botnet indestructible is the combination of its advanced encryption and the use of a public peer-to-peer network for the instructions issued to the malware by command-and-control servers.

"The way peer-to-peer is used for TDL-4 will make it extremely hard to take down this botnet," said Roel Schouwenberg, senior malware researcher at Kaspersky.

This version of this story was originally published in Computerworld's print edition. It was adapted from an article that appeared earlier on Computerworld.com.

Read more about security in Computerworld's Security Topic Center.

Shop ▾
arrow up Amazon Shop buttons are programmatically attached to all reviews, regardless of products' final review scores. Our parent company, IDG, receives advertisement revenue for shopping activity generated by the links. Because the buttons are attached programmatically, they should not be interpreted as editorial endorsements.

Subscribe to the Security Watch Newsletter

Comments