Security

Beware 'Practically Indestructible' Botnet

A new and improved botnet that has infected 4.5 million Windows PCs is "practically indestructible," security researchers say.

TDL-4, the name for both the bot Trojan that infects machines and the ensuing collection of compromised computers, is "the most sophisticated threat today," reported Kaspersky Labs researcher Sergey Golovanov late last month.

"[TDL-4] is practically indestructible," Golovanov said.

"It does a very good job of maintaining itself," agreed Joe Stewart, a botnet expert and director of malware research at Dell SecureWorks.

Golovanov and Stewart said TDL-4 has traits that make it extremely tough to detect, delete, suppress or eradicate. (See also 10 Quick Fixes for the Worst Security Nightmares

TDL-4 infects the master boot record of the PC with a rootkit, which makes it invisible to both the operating system and security software designed to sniff out malicious code.

What makes the botnet indestructible is the combination of its advanced encryption and the use of a public peer-to-peer network for the instructions issued to the malware by command-and-control servers.

"The way peer-to-peer is used for TDL-4 will make it extremely hard to take down this botnet," said Roel Schouwenberg, senior malware researcher at Kaspersky.

This version of this story was originally published in Computerworld's print edition. It was adapted from an article that appeared earlier on Computerworld.com.

Read more about security in Computerworld's Security Topic Center.

Subscribe to the Security Watch Newsletter

Comments