New 'Indestructible' TDL Botnet Infects 4.5M PCs
Around 4.5 million computers have been caught up in a botnet that some experts are calling all but indestructible. Others, however, say that is an exaggeration.
The botnet in question is known as TDL-4. In many ways it is like any other botnet: once a computer is infected with the malicious software, it is controlled remotely and used for nefarious purposes.
Often the zombie PCs in a botnet (also known as a "botnet army") are used to flood a website with bogus page requests in an attempt to knock it offline, a "distributed denial of service attack", or DDoS attack. Such attacks have knocked out big-name websites, including those of Mastercard, Twitter and Facebook, in the past. (Source: business-standard.com)
Other times, botnets are used to send spam to millions of people, or to monitor the host computer for passwords and financial information.
Instant-On Feature Bypasses Security Software
But the TDL-4 botnet has several features that set it apart from a regular botnet and make it incredibly difficult to dismantle.
One is that the malware embeds itself in the hard drive's master boot record, the first sector the BIOS loads, so its code runs virtually the moment the computer is switched on, before Windows and any Windows-based security software have started. That makes it almost impossible for such software to catch and block it.
TDL-4 also carries a built-in removal routine that deletes competing botnet software, so that the infected machine is monetized by TDL-4 alone. (Source: spamfighter.com) The tactic also makes it less likely that security software will flag any problem at all, reducing the chances that the user will take a close look at what should and shouldn't be on the machine.
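The practical check this implies is to read the first sector of the disk and compare its boot code against a known-good copy, since a bootkit cannot avoid changing those bytes. The following is an added example written for this article, not code from the original page or from any TDL-4 analysis: it parses the MBR layout (446 bytes of boot code, four 16-byte partition entries, the 0x55AA signature), hashes the boot code and reports deviations from a baseline. The "clean" and "infected" sectors are constructed in the script for illustration; the infected one simply starts with a short jump into attacker-supplied space and is not a sample of TDL-4's real boot code.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446            # bytes 0..445 hold the boot code the BIOS executes
PARTITION_TABLE_OFFSET = 446   # four 16-byte partition entries follow the boot code
MBR_SIGNATURE = b"\x55\xaa"    # bytes 510..511 of every valid MBR
ENTRY_FMT = "<BBBBBBBBII"      # status, CHS start (3), type, CHS end (3), LBA start, sector count


def build_mbr(boot_code: bytes, partitions: list) -> bytes:
    """Assemble a 512-byte MBR from boot code and (bootable, type, lba_start, sectors) tuples."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    for i, (bootable, ptype, lba_start, sectors) in enumerate(partitions[:4]):
        struct.pack_into(ENTRY_FMT, sector, PARTITION_TABLE_OFFSET + 16 * i,
                         0x80 if bootable else 0x00, 0, 0, 0, ptype, 0, 0, 0, lba_start, sectors)
    sector[510:512] = MBR_SIGNATURE
    return bytes(sector)


def parse_mbr(sector: bytes) -> dict:
    """Split a raw 512-byte sector into boot code, partition entries and signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    entries = []
    for i in range(4):
        fields = struct.unpack_from(ENTRY_FMT, sector, PARTITION_TABLE_OFFSET + 16 * i)
        entries.append({"bootable": fields[0] == 0x80, "type": fields[4],
                        "lba_start": fields[8], "sectors": fields[9]})
    return {"boot_code": sector[:BOOT_CODE_LEN], "partitions": entries,
            "signature": sector[510:512]}


def check_mbr(sector: bytes, baseline_sha256: str) -> list:
    """Compare an MBR against a known-good baseline; returns a list of findings (empty = clean)."""
    findings = []
    mbr = parse_mbr(sector)
    if mbr["signature"] != MBR_SIGNATURE:
        findings.append("invalid MBR signature")
    if hashlib.sha256(mbr["boot_code"]).hexdigest() != baseline_sha256:
        findings.append("boot code differs from baseline")
    if sum(p["bootable"] for p in mbr["partitions"]) != 1:
        findings.append("expected exactly one bootable partition")
    return findings


# Constructed stand-in for legitimate boot code (a classic cli / xor ax,ax / mov ss,ax /
# mov sp,0x7c00 prologue padded with NOPs); not any real vendor's MBR.
CLEAN_BOOT_CODE = bytes.fromhex("fa33c08ed0bc007c8bf0") + b"\x90" * 20
PARTITIONS = [(True, 0x07, 2048, 1_000_000)]   # one bootable NTFS partition, constructed
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, PARTITIONS)
BASELINE_SHA256 = hashlib.sha256(CLEAN_MBR[:BOOT_CODE_LEN]).hexdigest()

# Constructed "bootkitted" copy: the original prologue is pushed aside and the first
# instruction becomes a short jump (EB xx) into code the attacker wrote. This illustrates
# the technique only; it is not a sample of TDL-4's own boot code.
INFECTED_BOOT_CODE = b"\xeb\x3e" + b"\x00" * 62 + CLEAN_BOOT_CODE
INFECTED_MBR = build_mbr(INFECTED_BOOT_CODE, PARTITIONS)

if __name__ == "__main__":
    # On a real machine, read the sector from the raw device instead, e.g.
    # open("/dev/sda", "rb").read(512) on Linux or r"\\.\PhysicalDrive0" on Windows.
    print("clean   :", check_mbr(CLEAN_MBR, BASELINE_SHA256))
    print("infected:", check_mbr(INFECTED_MBR, BASELINE_SHA256))
```

The caveat that matters in practice: a bootkit that is already running can intercept reads of sector 0 and hand back the original, clean bytes, so the comparison is only trustworthy when the disk is read from clean boot media rather than from inside the suspect Windows installation, and the baseline hash must be recorded before infection.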
TDL-4 Communication Encrypted, Peer-to-Peer Style
It's the communications system on the TDL-4 botnet that is most significant.
For one, the communications are heavily encrypted, making the traffic harder to monitor. For another, commands do not travel from the botnet controllers to the infected computers over a direct connection to a central server, the way a user's browser connects to a website.
In the past, a botnet could be severed by taking down its main command-and-control machine. That is no longer the case: instructions are relayed through a peer-to-peer network, similar to the ones used for BitTorrent file sharing. (Source: computerworld.com)
That means that if officials disrupt the communications, whether by taking legal control of domain names or physically seizing servers, the operators can simply switch to a different machine on the network and re-establish contact with the bots. (Source: popsci.com)
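To make the takedown argument concrete, here is an added simulation written for this article (not code from the original page, and not a model of TDL-4's actual protocol, which the article does not describe). It builds two small botnets with the same number of bots, one where every bot knows only the central C2 host and one where bots also keep a random list of other bots, removes the C2 host as a seizure would, and then measures what share of the bots an operator can still reach by injecting a command from a single machine they still control. The node names, the 200-bot size and the three links per bot are arbitrary choices for the illustration.

```python
import random
from collections import deque


def star_botnet(n_bots: int) -> dict:
    """Classic layout: every bot knows only the central C2 host (a star graph)."""
    bots = [f"bot{i}" for i in range(n_bots)]
    peers = {"c2": set(bots)}
    for b in bots:
        peers[b] = {"c2"}
    return peers


def p2p_botnet(n_bots: int, links_per_bot: int = 3, seed: int = 7) -> dict:
    """P2P layout: bots bootstrap from C2 but also hold a random list of other bots."""
    rng = random.Random(seed)          # fixed seed so the run is reproducible
    peers = star_botnet(n_bots)
    bots = [b for b in peers if b != "c2"]
    for b in bots:
        for other in rng.sample([x for x in bots if x != b], links_per_bot):
            peers[b].add(other)
            peers[other].add(b)        # peer links are bidirectional
    return peers


def takedown(peers: dict, seized: set) -> dict:
    """Model a sinkholed domain or seized server: drop the nodes and every link to them."""
    return {node: {p for p in adj if p not in seized}
            for node, adj in peers.items() if node not in seized}


def reachable_from(peers: dict, start: str) -> set:
    """Breadth-first search: every node a command injected at `start` can propagate to."""
    seen, queue = {start}, deque([start])
    while queue:
        for p in peers.get(queue.popleft(), ()):
            if p not in seen:
                seen.add(p)
                queue.append(p)
    return seen


def surviving_fraction(peers: dict, seized: set, operator_entry: str) -> float:
    """Share of remaining bots the operator can still command after re-entering via one bot."""
    after = takedown(peers, seized)
    bots = {n for n in after if n != "c2"}
    if operator_entry not in after:
        return 0.0
    return len(reachable_from(after, operator_entry) & bots) / len(bots)


if __name__ == "__main__":
    # With only the C2 host seized, the star collapses to the one bot the operator
    # re-enters through, while the P2P mesh stays almost entirely reachable.
    print("star after C2 seizure:", surviving_fraction(star_botnet(200), {"c2"}, "bot0"))
    print("p2p  after C2 seizure:", surviving_fraction(p2p_botnet(200), {"c2"}, "bot0"))
```

The model also shows where the three remedies in the last section bite: shrinking the reachable set requires removing many bots (updated security software), not one server, or breaking the peer protocol itself (a flaw in the code).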
'Indestructible Botnet' an Exaggeration, say Critics
Though these features make TDL-4 a serious problem, some tech bloggers have noted that even the most powerful viruses and other security threats have always been neutralized in the end.
And there are at least three ways in which a botnet of this kind could be defeated: a flaw in the way its code is written could allow it to be disrupted; the people behind it could be traced and arrested; or security software could be updated to detect and block the malware widely enough that the botnet begins shrinking rather than growing. (Source: infoworld.com)