
TDL-4 detects and disables other malware to hide itself

Over the last year there have been a number of high-profile botnet takedowns. Those takedowns led to a significant reduction in the amount of spam that computer users see in their inboxes.

Security researchers are talking about a new botnet called TDL-4 and they say that it is virtually indestructible. The designers of the botnet used some ingenious methods to ensure that their net isn't as easy to take offline as previous botnets.

Security researcher Sergey Golovanov of Kaspersky Lab said in a report on the TDL-4 botnet, "[TDL-4 is] the most sophisticated threat today." Joe Stewart, a malware researcher at Dell SecureWorks, said, "I wouldn't say it's [TDL-4] perfectly indestructible, but it is pretty much indestructible. It does a very good job of maintaining itself."

Several factors work together to make TDL-4 so robust. One is that the malware infects the master boot record (MBR) of the hard drive of the computer it resides on. The MBR is the first sector the computer reads from the drive when it starts, and the rootkit installs itself there. Because it loads before the operating system, the rootkit is invisible to the OS and to the security software running on it.
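As an added illustration of the defender-side check this implies (example code, not from the article or from Kaspersky's report): the MBR is a single 512-byte sector, so its boot-code region can be hashed against a known-good baseline and its partition table parsed for sanity. The sample MBR images below are constructed inline; the baseline digest and the device path in the read helper are assumptions.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446          # bytes 0..445 hold the boot loader code
PART_TABLE_OFF = 446         # four 16-byte partition entries follow the code
BOOT_SIG = b"\x55\xAA"       # last two bytes of a valid MBR


def parse_mbr(sector: bytes) -> dict:
    """Split one 512-byte MBR into boot code and a list of used partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # entry layout: status, CHS start (3 bytes), type, CHS end (3 bytes),
        # LBA of first sector, sector count; all little-endian
        status, ptype, lba_start, n_sectors = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0:                       # type 0 means the slot is unused
            parts.append({"bootable": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": n_sectors})
    return {"boot_code": sector[:BOOT_CODE_LEN], "partitions": parts}


def boot_code_digest(sector: bytes) -> str:
    """SHA-256 of the boot-code region only; the partition table may legitimately change."""
    return hashlib.sha256(parse_mbr(sector)["boot_code"]).hexdigest()


def check_mbr(sector: bytes, baseline_digest: str) -> list:
    """Return a list of findings; an empty list means the MBR matches the baseline."""
    findings = []
    mbr = parse_mbr(sector)
    if hashlib.sha256(mbr["boot_code"]).hexdigest() != baseline_digest:
        findings.append("boot code differs from baseline")
    bootable = [p for p in mbr["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append("expected exactly one bootable partition, found %d" % len(bootable))
    return findings


def read_mbr(device_path: str) -> bytes:
    """Read sector 0 of a raw device or disk image (path is an assumption, e.g. /dev/sda)."""
    with open(device_path, "rb") as f:
        return f.read(SECTOR_SIZE)


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample: one bootable type-0x07 partition at LBA 2048, 204800 sectors."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x00\x00", 0x07, b"\x00\x00\x00", 2048, 204800)
    table = entry + b"\x00" * 48              # remaining three slots unused
    return code + table + BOOT_SIG


# Constructed stand-in for the vendor's boot loader code (not real boot code).
CLEAN_BOOT_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C"
CLEAN_MBR = build_sample_mbr(CLEAN_BOOT_CODE)
BASELINE = boot_code_digest(CLEAN_MBR)      # recorded on a known-clean machine (assumed)

# Constructed tampered image: boot code replaced, partition table left intact so the
# system still boots normally, which is exactly why a hash of the code region is needed.
TAMPERED_MBR = build_sample_mbr(b"\xE9\x00\x01" + b"\x90" * 20)

if __name__ == "__main__":
    print("clean:   ", check_mbr(CLEAN_MBR, BASELINE))
    print("tampered:", check_mbr(TAMPERED_MBR, BASELINE))
```

A rootkit that is already active can filter the reads the OS issues to sector 0, so the comparison is most trustworthy when the sector is read from boot media other than the suspect installation.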

What makes the botnet even more robust is the method the command and control (C&C) servers use to communicate with infected computers. For one of its two communication channels between infected machines and the C&C servers, TDL-4 uses a public peer-to-peer network, the Kad P2P network.

Kaspersky researcher Roel Schouwenberg wrote in an email to Computerworld, "The way peer-to-peer is used for TDL-4 will make it extremely hard to take down this botnet. The TDL guys are doing their utmost not to become the next gang to lose their botnet."

The hackers behind the botnet also use their own encryption algorithm, with the domain names of the C&C servers serving as the encryption keys. The use of a public network is what makes the botnet so hard to disrupt and helps ensure the TDL-4 network remains online.

Schouwenberg said, "Any attempt to take down the regular C&Cs can effectively be circumvented by the TDL group by updating the list of C&Cs through the P2P network. The fact that TDL has two separate channels for communications will make any take-down very, very tough."

So far the TDL-4 botnet has been very effective, with an estimated 4.5 million Windows computers currently infected. Stewart said, "The 4.5 million is not surprising at all. It [TDL-4] might not have as high an infection rate as other botnets, but its longevity means that as long as they can keep infecting computers and the discovery rate is small, they'll keep growing it."

Another key to the longevity of TDL-4 is that it finds and disables other malware on the computer. The less likely users are to notice any infection on their machine, the less likely they are to investigate further and potentially discover TDL-4 itself.

Golovanov said, "TDL-4 doesn't delete itself following installation of other malware. At any time [it] can ... delete malware it has downloaded."



Comments

RE: Wow
By EricMartello on 6/30/2011 6:17:02 PM , Rating: 3
That's right and I've said this many times before. These days your average McCoder relies on some bloated "managed language" like C# rather than learning and using C or C++ (languages that actually take skill). They get their DeVry degree and before you know it they are cutting-and-pasting "custom" programs like a boss.

There are still a handful of coders that actually write their own code and therefore can create optimized programs. Botnets are commonly written in ASM to facilitate small file sizes, but nowadays small file sizes are tripping some AV scanners so ASM may only be used where speed is of the essence (such as packing in a portable compiler that would allow the program to "morph" itself).


RE: Wow
By Slyne on 6/30/2011 6:57:40 PM , Rating: 3
You seem to have a very narrow understanding of the 'skills' required to deliver software. Memory management is not a skill, it's a chore. Wasting hundreds of man hours to root out memory leaks (and fail anyway) when you can have a garbage collector do it for free is not being smart to me. I'll take a managed language over free() and malloc() any time.


RE: Wow
By Gondor on 7/1/2011 5:36:14 AM , Rating: 2
GPU and printer control program (such as Catalyst) does not have to be 70+ MB in size. I am fairly confident that same application could be written in some more efficient language (C++, heck even Delphi) and fit into under 10 MB, majority of which would be taken by stupid splashscreens and other graphics that most users disable anyway if they can.

It's just a menu, a form, a handful of panels and a few other UI bits and pieces, for heaven's sake! Adjust a property and one line of code invokes the driver to update the setting.

I used to write drivers (mainly framebuffer drivers) for certain open-source OSes. When compiled into binary form (.o) they were roughly 10 KB (kilobytes) in size. The userspace program that could interface with them (via ioctl) was well under 100 KB (kilobytes again).

70+ MB (WTF !?) garbage collector for what should be a 2MB app, where UI elements are perfectly capable of freeing memory when their destructor is invoked on their own and where you've got approximately 0 need for other memory structures (apart from one to interface with the driver itself which is allocated upon startup and freed upon exit) ? Puhleeese, spare us the apologetic nonsense ... The fact is that today's "programmers" using "languages" such as C# for driver control programs are nothing but utter inepts who should be hanged, drawn and quartered for humanity's sake.


RE: Wow
By tygrus on 7/1/2011 8:07:32 AM , Rating: 2
The base driver is probably <10% of the total. I think most of the rest is code to replace game code and support older DirectX/OpenGL APIs.


RE: Wow
By bah12 on 7/1/2011 9:51:25 AM , Rating: 3
Ding, we have a winner. It is not the language that is the problem, it is all the other crap. Seriously, look at HP's crap: how much extra code is used to monitor ink levels and pop up a fancy screen complete with links to their site to buy them? I also don't need a stupid animation and voice for "printing started"..."printing complete". They think they are doing some BIG service to the user, but all they do is over-complicate crap.

Another sticking point is Dell WiFi drivers that don't just use the built-in Windows interface for connecting to a network. Why did we need another???


RE: Wow
By NellyFromMA on 7/1/2011 11:29:07 AM , Rating: 2
You're clearly assuming things about a technology you've chosen to hate without understanding. You know what they say about those who assume, don't you? ;)


RE: Wow
By EricMartello on 7/2/2011 7:28:41 AM , Rating: 2
quote:
You seem to have a very narrow understanding of the 'skills' required to deliver software. Memory management is not a skill, it's a chore. Wasting hundreds of man hours to root out memory leaks (and fail anyway) when you can have a garbage collector do it for free is not being smart to me. I'll take a managed language over free() and malloc() any time.


I like how you think that memory management is the only or even the most important element of an application. It's not. And guess what, there are plenty of libraries in C and C++ that you can use freely so you don't need to reinvent the wheel.

Managed languages add bloat and reduce application performance, oftentimes substantially - 30% to 40%. You can compile a program in C# and by default it will include all the garbage necessary for it to work PLUS it relies on the user having a runtime installed. A "hello world" type program in C# would result in an exe file several megabytes in size. Done in C? A few KB at most. Done in ASM? A few bytes at most.

As far as the driver packages - a lot of their bloat is probably due to sloppy "joint" coding done by many different people, where one guy may introduce an error so they fix it by adding more shit to it. What's the nvidia driver version? 280 something now? Really? They needed nearly 300 attempts and still can't get it right...lol


RE: Wow
By ekv on 7/4/2011 2:27:33 AM , Rating: 2
quote:
reduce application performance
Actually only about 3-5% if you know what you're doing.
quote:
Done in C? A few KB at most. Done in ASM? A few bytes at most.
Excuse me, but are you even rational? Besides the inflammatory language, akin to a religious war, WHO CARES?! A couple bytes here and there, so what. I've got a smallish workstation w/ only 4.6 some odd TB. Am I really that concerned about a couple KB, or even MB?

Look, I'm kind of old-school in that I try to make a somewhat optimized program, small, easy-to-use, etc. But if I've got some kind of inept POS for a boss ranting about how slow a dev I am, then the optimization steps may have to take a back seat, in order to make the delivery date.

Your condemnation of C# reminds me of Edsger W. Dijkstra:

"It is practically impossible to teach good programming to students that have had a prior exposure to BASIC: as potential programmers they are mentally mutilated beyond hope of regeneration."

http://www.cs.virginia.edu/~evans/cs655/readings/e...

A moronic statement if ever there were. And strays far from the OP.


RE: Wow
By EricMartello on 7/4/2011 3:53:38 AM , Rating: 2
quote:
Actually only about 3-5% if you know what you're doing.


No, not really. The whole point of managed languages is to enable people who DON'T know what they're doing to create programs. The performance limitation is due to its high-level nature and the sandbox it operates within. Even if you made a "perfectly" optimized program in C#, the optimized C equivalent would be at least 30% faster.

quote:
Excuse me, but are you even rational? Besides the inflammatory language, akin to a religious war, WHO CARES?! a couple bytes here and there, so what. I've got a small'ish workstation w/ only 4.6 some odd TB's. Am I really that concerned about a couple kb's, or even mb's?


That's the kind of fail mentality that leads to sloppy, bloated and generally unoptimized code. It's really not an issue of nit-picking a few bytes here and there for the executable's filesize, it's more about the coder taking the time (and having the intelligence) to write a program that isn't a clunky piece of garbage.

quote:
Look, I'm kind of old-school in that I try to make a somewhat optimized program, small, easy-to-use, etc. But if I've got some kind of inept POS for a boss ranting about how slow a dev I am, then the optimization steps may have to take a back seat, in order to make the delivery date.


A GREAT coder means you have the key to MANY income opportunities, so if your boss is a c0cksucker you can easily find another place to work OR just freelance. As a McCoder whose area of expertise is churning out cut-n-paste apps in C# or VB, your options are limited because like a janitor you are easily replaceable.

quote:
"It is practically impossible to teach good programming to students that have had a prior exposure to BASIC: as potential programmers they are mentally mutilated beyond hope of regeneration."


I don't think that is true, as a good coder can adapt and learn new languages similar to people learning to speak in other languages.

I am not saying that C# is ruining the potential of good coders, what I am saying is that companies that spit out products based on crap like C# fail, and that C# lowers the bar so much that it did to coding what AOL did to the internet - unleashed a tidal wave of stupid.

I can concede that managed languages have their niche, but retail software applications are not that place. If you are in business to release software, hire a competent workforce that can deliver optimized C/C++ code within reasonable time frames.

By the way, if you use Delphi or C++ Builder you can develop decent apps quickly - but you'd still need to be smart enough to code in either of those languages.


RE: Wow
By ekv on 7/4/2011 5:19:26 PM , Rating: 3
quote:
No, not really.
Yes, yes really. Aren't you confusing "managed language" w/ "interpreted language"? And how much extra time do you spend optimizing your C program? and do you really still program in C? Seriously?
quote:
it's more about the coder taking the time (and having the intelligence) to write a program that isn't a clunky piece of garbage.
Time is of the essence isn't it. Like when you have a delivery date. And IntelliSense saves plenty of time. That's my mentality.
quote:
A GREAT coder means you have the key to MANY income opportunities
I don't consider myself a "great" coder, not that I even dwell on it. You said yourself there are few great coders. The rest of us then must simply be mentally mutilated bums. Btw, checked out the job market recently?
quote:
what AOL did to the internet - unleashed a tidal wave of stupid.
Right, all those idiot customers ... that pay the bills.

Can't this be better optimized?

#include <iostream>   // added: needed for cout
using namespace std;  // added: the code uses unqualified cout
void _(char *__, int ___, int ____) {//{+
if(___ <= ____)/*cin>>*/{cout<< *(__+___);//###
_((__),(++(___)),(____));}}/*printf("%s\t", *__x)*/
int/*0xFF___\p+*/main() {char x___[8/*__(*Z_)
*/]={0x43,0x6F,0x64,0x65,0x43,0x61,0x6C,0x6C};
_(x___, 0, 7);return
0
;
}

Sure, but while you're at that I've got people to meet and places to go. Enjoy your computer
http://www.dailytech.com/Robots+Become+More+Lifeli...
since I'm going to enjoy my date.


RE: Wow
By EricMartello on 7/4/2011 9:02:26 PM , Rating: 2
quote:
Yes, yes really. Aren't you confusing "managed language" w/ "interpreted language"? And how much extra time do you spend optimizing your C program? and do you really still program in C? Seriously?


Nah bro, not really...and if you're going to refute what I say at least provide some basis other than "nuh-uh". There are plenty of benchmarks that show the slow performance and bloated program sizes that managed languages produce when compared to C/C++. Runtime = Sandbox and C# requires a runtime installed (.NET Runtime) on the client system to operate.

quote:
Time is of the essence isn't it. Like when you have a delivery date. And IntelliSense saves plenty of time. That's my mentality.


Clearly a McCoder wouldn't understand the first thing about quality. That is why I wouldn't hire a schmuck like you...and I doubt you're missing many deadlines living in mom's basement.

quote:
don't consider myself a "great" coder, not that I even dwell on it. You said yourself there are few great coders. The rest of us then must simply be mentally mutilated bums. Btw, checked out the job market recently?


LOL you're a McCoder and nothing more. You may have had a passing interest in programming but never the mental capacity to do it until they rolled out "computer programming for morons" aka C#, VB and other languages of that ilk. The job market is fine for people who actually have skills. It's rough for people who think being employed is an entitlement.

quote:
Right, all those idiot customers ... that pay the bills.


We're not talking about revenues or profitability. The issue we're discussing here is code and program quality - and you've failed to make a case for your position other than "Morons need C# because they'd take too long to produce something in C."

quote:
Can't this be better optimized? void _(char *__, int ___, int ____) {//{+ if(___ <= ____)/*cin>>*/{cout<< *(__+___);//### _((__),(++(___)),(____));}}/*printf("%s\t", *__x)*/ int/*0xFF___\p+*/main() {char x___[8/*__(*Z_) */]={0x43,0x6F,0x64,0x65,0x43,0x61,0x6C,0x6C}; _(x___, 0, 7);return 0 ; }


Why are you copy-and-pasting code here? Do you think that earns you some kind of "cred"? The more you speak the more you reveal how little you know about this topic, and reinforce the McCoder stereotype.

The optimizations that allow C/C++ to outperform C# include the ability for functions to be tuned on a low level so that they execute in as few clocks as possible, where relevant, such as in media transcoding, media manipulation, algorithmic calculations, etc. What you pasted is irrelevant.

quote:
Sure, but while you're at that I've got people to meet and places to go. Enjoy your computer http://www.dailytech.com/Robots+Become+More+Lifeli... since I'm going to enjoy my date.


Have fun with your RealDoll and enjoy the benefits of being unemployed.


RE: Wow
By ekv on 7/5/2011 2:38:33 AM , Rating: 2
quote:
Nah bro, not really
Yes, really. And I'm not your "bro", thank you very much. In addition if you want benchmarks, go right ahead.
quote:
That is why I wouldn't hire a schmuck like you
First off, you couldn't afford me, especially since you're not in a position to do so. Second, you doubt I'm not missing any deadlines ... because, why? because I told you I wasn't. Again, time is of the essence. Thirdly, I used to think mental capacity and C++ were the greatest. Then I grew up. Silver bullets don't interest me. Getting the job done does. Which usually means good tools and communication w/ co-workers. Let me be clear regarding the latter, if you require somebody to put down in order to feel good about yourself, rots o' ruck.

The job market is so-so. Economy is rough [just ask NASA engineers]. But job requirements listing .Net platform skills are better than ever. Personally, that is likely puerile snob appeal, though I admit it not. Nor do I care for the polar opposite of pop appeal. Of course, the latter does have correlation with revenues and profitability. If you're stuck on good quality, then you are sacrificing one of the other legs of the project triangle: price and/or speed. But you don't know that. Yet.

I'd be willing to wager you can't even go back a couple weeks to your code and explain your design decisions w/o looking at your notes. What? you didn't comment anything? Nor can you look at somebody else's C and optimize it, instead you'd have to re-write it from the ground up. Big time savings there stud.
quote:
The optimizations that allow C/C++ to outperform C# include the ability for functions to be tuned on a low level so that they execute in as few clocks as possible, where relevant, such as in media transcoding, media manipulation, algorithmic calculations, etc.
Gee, golly, I bet Visual Studio doesn't have access to any of that, huh. Specifically those dastardly "algorithmic calculations." They always cause trouble. Lol .Net runs on many platforms and if I need tuned "media transcoding", I can purchase a library just as easily as you. Except I meet deadlines. Do you even make deadlines? Can you? because once you get the code working you'll have to pound your agile partner to re-code your optimizations ... yet more time.

Lastly, I congratulate you however, for convincing me that the hacks who created TDL-4 likely are watchmaker-types who get off on saving a byte and who look forward to the resurrection of D.

I give you the last word ... I've got a life to lead.


RE: Wow
By EricMartello on 7/5/2011 5:31:38 PM , Rating: 2
quote:
Yes, really. And I'm not your "bro", thank you very much. In addition if you want benchmarks, go right ahead.


Umadbro?

quote:
First off, you couldn't afford me, especially since you're not in a position to do so. Second, you doubt I'm not missing any deadlines ... because, why? because I told you I wasn't. Again, time is of the essence. Thirdly, I used to think mental capacity and C++ were the greatest. Then I grew up. Silver bullets don't interest me. Getting the job done does. Which usually means good tools and communication w/ co-workers. Let me be clear regarding the latter, if you require somebody to put down in order to feel good about yourself, rots o' ruck.


LOL if anyone is paying you more than $25K per year they're grossly overpaying, and I'm being generous with that $25K figure.

You're not missing deadlines because the moronic work you are hired to do takes little or no skill, and therefore you'd have to be absolutely braindead to spend more than a few hours hobbling together your advanced "What is 2+2? (Y/N)" McPrograms.

You keep talking about "getting the job done" but really you're not. Do you think that finishing something, regardless of its final quality, is all that matters? No. All you are doing is cutting corners and accepting something below 'good enough' as 'complete'. You ARE part of the problem, and I appreciate that you reiterate my original point so frequently with each of your responses. McCoders are the reason for the bloat and unoptimized, sluggish code that crops up in so many modern applications...but hey, they finished it a couple weeks sooner so there's that...yay.

quote:
The job market is so-so. Economy is rough [just ask NASA engineers]. But job requirements listing .Net platform skills are better than ever. Personally, that is likely puerile snob appeal, though I admit it not. Nor do I care for the polar opposite of pop appeal. Of course, the latter does have correlation with revenues and profitability. If you're stuck on good quality, then you are sacrificing one of the other legs of the project triangle: price and/or speed. But you don't know that. Yet.


Yes, there are lots of low-paying jobs for .NET McCoders...apparently the Mc part was lost on you. Even in this economy, you could land a job at a local McDonald's. You make fast food, it's edible and it 'gets the job done' but you won't be winning any culinary awards nor can you consider yourself a chef simply because you slide frozen buns through a toaster all day. As a McCoder you are no different and no better than a fast food chain grunt - common, easily replaceable and skill-less.

quote:
I'd be willing to wager you can't even go back a couple weeks to your code and explain your design decisions w/o looking at your notes. What? you didn't comment anything? Nor can you look at somebody else's C and optimize it, instead you'd have to re-write it from the ground up. Big time savings there stud.


LOLWTF I always comment my code. Why wouldn't I? I also indent it and make it readable - it's a matter of efficiency...the McCoders are the ones who wouldn't spend the extra time to comment because it would cut into their speed of "excrement" too much. That's right, when you program in C# you don't have a development cycle - it's called an excrement cycle because the end result is always a big, steaming turd. Don't spend too much time on the crapper! hahaha

quote:
Gee, golly, I bet Visual Studio doesn't have access to any of that, huh. Specifically those dastardly "algorithmic calculations." They always cause trouble. Lol .Net runs on many platforms and if I need tuned "media transcoding", I can purchase a library just as easily as you. Except I meet deadlines. Do you even make deadlines? Can you? because once you get the code working you'll have to pound your agile partner to re-code your optimizations ... yet more time.


Are you referring to your cut-n-paste bits, the equivalent of bundled clip art? That's what it seems like. Why is it that the only thing you can say about C# is deadlines? Do you think eating BigMacs daily is better than having a steak with real mashed potatoes? Sorry bro, but you're outta your element in this conversation and that has been quite evident early on.

.NET is owned by MS. It runs only on platforms MS wants it to, and it would typically run sub-optimally on anything other than a Windows-based system, much like ASP...so yeah, you're already taking a 30%+ performance hit by using C# and then you want to run it on a non-Windows platform. lawl It's probably going to execute 60-80% slower than a proper C application of the same type, while being 100-200%+ larger in file size.

quote:
Lastly, I congratulate you however, for convincing me that the hacks who created TDL-4 likely are watchmaker-types who get off on saving a byte and who look forward to the resurrection of D.


TDL-4 is an example of superior coding by people who know what they're doing. A McCoder will NEVER be able to create anything like that, the sandbox wouldn't allow it. The people who made TDL-4 will reap its benefits for a long time to come, while McCoders like you will continue a pointless existence hobbling together unimpressive programs "quickly" for peanuts.


RE: Wow
By WalksTheWalk on 7/6/2011 5:39:54 PM , Rating: 2
EricMartello,

Everyone knows you have a monopoly on coding 100% optimized applications.

Too many lulz to count. Given your logic, why not code everything in ASM? The extra time spent is surely worth the performance improvement. Coding in C/C++ just bloats the process with all of their nasty runtime overhead. Why code in C# or Java when everyone knows it's total crap to begin with, right? (BTW - The questions are rhetorical.)


RE: Wow
By EricMartello on 7/6/2011 10:48:41 PM , Rating: 2
I don't claim to have a monopoly on optimized code; but I do respect it and the people who take the time to create it, and I myself strive to avoid the laziness and bloater mentalities that McCoders have unleashed on the computing world while working on my own programs.

The C language still maintains the best balance between higher-than-machine-code-level readability and the absence of the substantial performance issues you get with managed languages. Neither C nor C++ requires any type of "runtime" and both are largely platform independent. Any overhead they might have would be introduced by customizing the program to the host OS, and even then, you would still get better performance with C or C++ than with C#.

While coding exclusively in ASM may seem like a good idea, it would not yield substantial gains over a well-coded C program. You can actually embed ASM code within C as needed to speed up certain functions and algorithms within your program - without having to make the entire program in ASM. Also, with advanced compiler optimizations, C/C++ programs can actually match ASM programs in terms of file size and speed.

The main benefits of ASM are not merely the fact that a well-written ASM program can potentially execute faster than a program created in a higher-level language, rather it is the ultra-fine control you get over the host system with ASM.

If you need more control than C or C++ can give you, there's ASM. If you just need to make a program that runs as fast as possible, there's C or C++.


RE: Wow
By NellyFromMA on 7/1/11, Rating: 0
RE: Wow
By DarkUltra on 7/3/2011 1:49:28 PM , Rating: 2
I don't care how you build it, just don't use up all the space on my relatively small SSD drive. Windows 7 64-bit HDD I/O operations themselves are so slow that we need SSD drives to make it useful again. I see the same operations in XP vs 7 take several times longer. Listing folders, calculating the size of a bunch of files, opening the same program that resides on the same partition takes twice as long in 7 vs XP.

On a related note, I look forward to upgrading my computer to Sandy Bridge-E, but there is no excuse to produce bloat. There are always developers willing to make something proper as long as there's a demand. I want my computer to be as fast and responsive as Windows Phone 7; Windows 8 better have a lot of C++ and Direct2D.

http://jeremiahmorrill.com/2011/02/14/a-critical-d...
inefficient way in which WPF uses Direct 3D

http://www.youtube.com/watch?v=ToFgYylqP_U
windows 7 vs xp slow GUI


RE: Wow
By EricMartello on 7/4/2011 4:05:59 AM , Rating: 3
I've always wanted to make an OS that is super light, but fully functional. I think Windows 7 is a lumbering behemoth because it's still maintaining backward compatibility and it never really had super-tight coding practices to begin with. That said, it's a fairly solid OS and I do use it, but it is far from what I would call optimized software. Imagine if all that bloat was eliminated...overall system responsiveness would improve, applications would run smoother and faster and it's likely that you'd get better gaming and entertainment performance as well.















