Security experts describe new botnet as almost ‘indestructible’
July 4, 2011
Recent successes by security companies and law enforcement against botnets have led to spam levels dropping to about 75% of all e-mail sent, according to analysis by Symantec. Now, in typical cat-and-mouse fashion, the botnets are starting to bring the fight to a new level.
A new botnet named TDL-4 has been discovered by security experts and described as almost “indestructible”. TDL targets Windows PCs and is difficult both to find and to remove. It is thought that recent botnet shutdowns prompted the developers of TDL to harden it against detection and removal with the addition of encryption.
Around 4.5 million PCs have become victims over the last three months following the appearance of the fourth version of the TDL virus. The virus spreads via booby-trapped websites and infects a machine by exploiting unpatched vulnerabilities. It has been found lurking on sites offering porn and pirated movies as well as on sites that let people store video and image files. It installs itself in the Windows master boot record (MBR). The MBR holds the first instructions a computer runs when it starts, and it is a good place to hide because standard anti-virus programs rarely scan it.
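The MBR hiding place described above is something a defender can check directly: read the first 512-byte sector, parse it, and compare the hash of its boot code against a baseline recorded from a clean image. The following Python is an added example, not code from the article or from Kaspersky's analysis. The sector layout it parses (446 bytes of boot code, four 16-byte partition entries, 0x55AA signature) is the standard legacy MBR layout; the two sample sectors, the baseline hash and all function names are constructed for this example.

```python
"""Parse a legacy 512-byte master boot record and compare its boot code
against a known-good baseline (added example; sample data is constructed)."""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_SIZE = 446            # boot code occupies bytes 0..445
PARTITION_TABLE_OFFSET = 446    # four 16-byte entries follow the boot code
PARTITION_ENTRY_SIZE = 16
SIGNATURE = b"\x55\xaa"         # bytes 510..511 of a valid MBR


def has_boot_signature(data: bytes) -> bool:
    """True if the sector is 512 bytes long and ends in the 0x55AA marker."""
    return len(data) == MBR_SIZE and data[510:512] == SIGNATURE


def parse_partition_entry(entry: bytes) -> dict:
    """Decode one 16-byte partition table entry (CHS fields are skipped)."""
    status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
        "<B3sB3sII", entry)
    return {
        "bootable": status == 0x80,
        "type": ptype,
        "lba_start": lba_start,
        "sectors": sectors,
    }


def parse_mbr(data: bytes) -> dict:
    """Return the SHA-256 of the boot code plus the in-use partition entries."""
    if not has_boot_signature(data):
        raise ValueError("not a valid 512-byte MBR with a 0x55AA signature")
    boot_code = data[:BOOT_CODE_SIZE]
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        entry = data[off:off + PARTITION_ENTRY_SIZE]
        if entry[4] != 0:  # partition type 0 marks an unused slot
            partitions.append(parse_partition_entry(entry))
    return {
        "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
        "partitions": partitions,
    }


def boot_code_matches_baseline(data: bytes, baseline_sha256: str) -> bool:
    """Integrity check: has the boot code changed since the baseline was taken?"""
    return parse_mbr(data)["boot_code_sha256"] == baseline_sha256


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Construct a synthetic MBR: the given boot code, one bootable NTFS-type
    partition starting at LBA 2048, three empty slots, and the signature."""
    code = boot_code.ljust(BOOT_CODE_SIZE, b"\x00")[:BOOT_CODE_SIZE]
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x00\x00", 0x07,
                        b"\x00\x00\x00", 2048, 1_000_000)
    table = entry + b"\x00" * (PARTITION_ENTRY_SIZE * 3)
    return code + table + SIGNATURE


# Constructed "known-good" sector, e.g. captured from a clean install image.
CLEAN_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 20
CLEAN_MBR = build_sample_mbr(CLEAN_BOOT_CODE)
BASELINE_SHA256 = parse_mbr(CLEAN_MBR)["boot_code_sha256"]

# Constructed sector with the same partition table but replaced boot code,
# which is the shape of change a bootkit infection leaves behind.
TAMPERED_MBR = build_sample_mbr(b"\xeb\x58\x90" + b"\xcc" * 40)


if __name__ == "__main__":
    for label, sector in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        info = parse_mbr(sector)
        ok = boot_code_matches_baseline(sector, BASELINE_SHA256)
        print(f"{label}: boot code {info['boot_code_sha256'][:16]}... "
              f"matches baseline={ok}, partitions={info['partitions']}")
```

On a real Windows host the sector would come from the first 512 bytes of the physical disk (a raw read of `\\.\PhysicalDrive0` requires Administrator rights) and the baseline from a trusted image of the same machine. One caveat applies to any check of this kind: a bootkit that hooks the running system's disk reads can hand back the original sector, so a comparison made from inside the suspect OS can be lied to, and the reliable version of this check reads the disk after booting from trusted external media.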
The changes introduced in TDL-4 made it the “most sophisticated threat today,” said security researchers Sergey Golovanov and Igor Soumenkov at Kaspersky Lab. They have written a detailed analysis of the virus.
“The owners of TDL are essentially trying to create an ‘indestructible’ botnet that is protected against attacks, competitors, and anti-virus companies,”
The majority of victims, 28%, are in the US but significant numbers are in India (7%) and the UK (5%). Smaller numbers, 3%, are found in France, Germany and Canada.
However, wrote the researchers, it is the way the botnet operates that makes it so hard to tackle and shut down. Because TDL-4 adds a custom encryption system and communicates over a public peer-to-peer network, it is hard to gather a significant amount of data to analyse. However, the sophistication of TDL-4 might aid in its downfall, said the Kaspersky researchers, who found bugs in the complex code. This let them peer into databases logging how many infections TDL-4 had racked up, which was aiding their investigation into its creators.