‘Indestructible’ botnet has infected 4.5M PCs and counting

The “TDL-4″ botnet now has more than 4.5 million infected PCs running on it and is the “most sophisticated threat” to computer security today, according to Kaspersky Labs researcher Sergey Golovanov.

Botnets are groups of malware-infected computers that are used for malicious activities, such as sending spam, stealing personal information, launching hacker attacks, and infecting other computers with viruses. They are so hard to defeat because there are so many infected machines.

Kaspersky’s anti-virus software identifies the botnet as TDSS. “TDSS uses a range of methods to evade signature, heuristic, and proactive detection, and uses encryption to facilitate communication between its bots and the botnet command and control center,” Golovanov wrote earlier this week. “TDSS also has a powerful rootkit component, which allows it to conceal the presence of any other types of malware in the system.”

The TDL-4 botnet started hitting computers in 2008, and it goes undetected because it infects the master boot record of a computer. This means the operating system and security software can’t detect it because the infection is so deep. It’s also strong because it has its own “anti-virus” that prevents other botnets from taking it over.

Add this to the the fact that the TDL-4 uses a decentralized peer-to-peer (P2P) network to operate and you have yourself a practically “indestructible” botnet, according to Golovanov.

People can unwittingly infect their computers with a botnet by downloading something that appears harmless, such as a humorous video or picture. The infected file is usually attached to something inane and could easily be via e-mail, so it’s important to have active security software to scan all of your downloads.

blog comments powered by Disqus