Print 79 comment(s) - last by EricMartello.. on Jul 6 at 10:48 PM

TDL-4 detects and disables other malware to hide itself

Over the last year, there have been a number of high profile takedowns of botnets. These takedowns lead to a significant reduction in the amount of spam that computer users see in their inbox.

Security researchers are talking about a new botnet called TDL-4 and they say that it is virtually indestructible. The designers of the botnet used some ingenious methods to ensure that their net isn't as easy to take offline as previous botnets.

Security researcher Sergey Golovanod from Kapersky Labs said in a report on the TDL-4 botnet, "[TDL-4 is] the most sophisticated threat today." Joe Stewart is a malware researcher at Dell SecureWorks, he said, "I wouldn't say it's [TDL-4] perfectly indestructible, but it is pretty much indestructible. It does a very good job of maintaining itself."

There are several factors that work together to make TDL-4 so robust. One of the factors is that the malware infects the master boot record of the computers HDD it resides on. This is the first sector of the hard drive read when a computer starts and the malware rootkit is installed there. That makes the rootkit invisible to security software and the OS.

The thing that makes the botnet even more robust is the method that it uses to communicate with infected computers from the command and control servers. The TDL-4 botnet uses a public peer-to-peer network called the Kad P2P network for one of the two channels it uses to communicate between infected machines and the C&C servers.

Kapersky researcher Roek Schouwenberg wrote in an email to Computerworld, "The way peer-to-peer is used for TDL-4 will make it extremely hard to take down this botnet. The TDL guys are doing their utmost not to become the next gang to lose their botnet."

The hackers behind the botnet also use their own encryption algorithm and use the domain names of the C&C servers as the encryption keys. The use of a public network is the key to the robust botnet and helps ensure the TDL-4 network remains online.

Schouwenberg said, "Any attempt to take down the regular C&Cs can effectively be circumvented by the TDL group by updating the list of C&Cs through the P2P network. The fact that TDL has two separate channels for communications will make any take-down very, very tough."

So far, the TDL-4 botnet is very effective with an estimated 4.5 million Windows computers currently infected. Stewart said, "The 4.5 million is not surprising at all. It [TDL-4] might not have as high an infection rate as other botnets, but its longevity means that as long as they can keep infecting computers and the discovery rate is small, they'll keep growing it."

Another key to the longevity of the TDL-4 malware is the fact that it finds and disables other malware on the computer. This is done because the less likely the user is to know of any infection on their computer, the less likely they are to investigate further and potentially discover the TDL-4 malware on the machine.

Golovanov said, "TDL-4 doesn't delete itself following installation of other malware. At any time [it] can ... delete malware it has downloaded."

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

RE: I bet it's the Chinese
By XSpeedracerX on 7/1/2011 10:20:07 AM , Rating: 1
"China works on much longer term goals than we do."

No they do not. China works on extremely short term goals benefiting their immediate future at the cost of long term consequences. Currently, they are engaged in the modern equivalent of pyramid building; their obsession with "10% GDP growth no matter what!' has led them to build ghost cities and malls that are barely inhabited. This is contributing to what will be the biggest real-estate bubble in history and nothing good will happen for them once it goes 'pop'.

"If they really DO want to take us over, they may not give a damn what they give up by doing so."

That's gotta be the dumbest thing I ever heard. FYI; the cold war is over. There is no future scenario that does not include the U.S. as a major economic contributor to China thanks to Apple, Walmart, Target and a host of other major corporations. Therefore, there is no scenario of conflict between China and the U.S. that does not end with them knee-capping the income they'd desperately need to finance such a large scale global conflict, which by the way would end in defeat for china. I'm not even going to address the retarded reference to Hitler. Godwin's law strikes again...

"You don't know what the future holds, and it is foolish to think that the Chinese would NEVER invade us because "we owe them money" and "we buy their stuff"."

No, it isn't. Even if we pretend that China's military is advanced enough to spark a global conflict, it would take a steady stream of positive income to finance such a conflict, and that comes from economic growth (and I mean real economic growth, not this pyramid building shit they're doing now). We are their only source of income. War would cut off that source of income thus cutting off their ability to make war, not to mention permanently knee capping any future economic growth as well as any aspirations they have to become a global power; who would do business with China again knowing the deal would eventually end in a costly and fruitless war?

"Who knows what the next hundred years will hold? "

I do. China continues to be the premier source for cheap labor for the world at the cost of the quality of life for it's citizens. Their obsession with a constant 10% GPD growth has lead them into overcapacity in the real estate sector which will have significant economic consequences for them down the road, as it did for the U.S. Chinese citizens continue to notice how much better people in the west have it and continue to not be happy about it. As economic conditions change for the worse, the Chinese government faces managing a depression-like situation which leaves them wanting out of buying U.S. debt, but needing (now more than ever) business from U.S. corporations which are reliant on them as a source of cheap labor.

Then China goes to war with the U.S....but only in Call of Duty modern warfare 5.

RE: I bet it's the Chinese
By ekv on 7/4/2011 2:49:03 AM , Rating: 2
No they do not. China works on extremely short term goals
As far as industrial espionage is concerned, yes they do have long range goals.
ghost cities
Those cities apparently are vacation houses purchased by the nouveau riche. Weekends are busier than weekdays. Working there may suck, but there are rewards.
We are their only source of income.
You don't believe that for a second.
China continues to be the premier source for cheap labor for the world at the cost of the quality of life for it's citizens.
And your point? I mean, we care, but since when do they? Perhaps that is what ought to cause some concern.

"I'd be pissed too, but you didn't have to go all Minority Report on his ass!" -- Jon Stewart on police raiding Gizmodo editor Jason Chen's home

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki