Last year, there were a number of high-profile takedowns of botnets. These
takedowns led to a significant reduction in the amount of spam that computer
users see in their inboxes.
Security researchers are now talking about a new botnet called TDL-4, which
they say is virtually indestructible. The botnet's designers used some ingenious
methods to ensure that their network is not as easy to take offline as previous
botnets were.
Security researcher Sergey Golovanov of Kaspersky Lab said in a report on the
TDL-4 botnet that it is "the most sophisticated threat today." Joe Stewart, a
malware researcher at Dell SecureWorks, said, "I wouldn't say it's [TDL-4]
perfectly indestructible, but it is pretty much indestructible. It does a very
good job of maintaining itself."
Several factors work together to make TDL-4 so robust. One is that the malware
infects the master boot record (MBR) of the hard drive it resides on. The MBR is
the first sector of the drive read when a computer starts, so a rootkit installed
there gets control before the operating system loads. That is what makes the
rootkit invisible to security software and the OS.
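Because the infection lives in the first sector, one defensive check is to baseline that sector from a known-clean state and re-read it later. The following added example (not code from the article or from any of the researchers quoted) does that over a constructed 512-byte MBR image; hashing only the 440-byte bootstrap area, so that legitimate partition-table edits do not trip the check, is an assumption of this example.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # classic MBR: bootstrap code occupies bytes 0..439
SIGNATURE_OFFSET = 510   # bytes 510-511 must be 0x55 0xAA for a valid boot sector

def make_sample_mbr(boot_code: bytes) -> bytes:
    """Build a constructed 512-byte MBR image (sample data, not a real disk)."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    disk_id = struct.pack("<IH", 0xDEADBEEF, 0)   # 4-byte disk signature + 2 reserved bytes
    # one partition entry: active flag, CHS start, type 0x83, CHS end, LBA start, sector count
    part = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x83, b"\xFE\xFF\xFF", 2048, 1_000_000)
    table = part + b"\x00" * 16 * 3                 # remaining three entries unused
    return code + disk_id + table + b"\x55\xAA"

def boot_code_hash(mbr: bytes) -> str:
    """SHA-256 of the bootstrap code only; the partition table is deliberately excluded."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()

def check_mbr(mbr: bytes, baseline_hash: str) -> list:
    """Compare a freshly read sector against the baseline; empty list means no findings."""
    findings = []
    if len(mbr) != SECTOR_SIZE:
        findings.append("unexpected sector length %d" % len(mbr))
        return findings
    if mbr[SIGNATURE_OFFSET:] != b"\x55\xAA":
        findings.append("boot signature missing")
    if boot_code_hash(mbr) != baseline_hash:
        findings.append("bootstrap code differs from baseline")
    # a classic MBR allows at most one partition flagged bootable (0x80)
    active = sum(1 for i in range(4) if mbr[446 + 16 * i] == 0x80)
    if active > 1:
        findings.append("%d partitions marked active" % active)
    return findings

# Constructed samples: a "known-good" loader stub and a copy whose boot code was altered.
SAMPLE_CLEAN = make_sample_mbr(b"\xEB\x3C\x90 constructed known-good loader")
BASELINE = boot_code_hash(SAMPLE_CLEAN)
_tampered = bytearray(SAMPLE_CLEAN)
_tampered[0:3] = b"\xE9\x00\x01"                    # different first jump, rest unchanged
SAMPLE_TAMPERED = bytes(_tampered)

if __name__ == "__main__":
    print("clean:   ", check_mbr(SAMPLE_CLEAN, BASELINE))
    print("tampered:", check_mbr(SAMPLE_TAMPERED, BASELINE))
```

On a live system the sector would be read from the raw disk device with administrative rights, and the baseline hash stored off-host so the check itself cannot be quietly updated.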
What makes the botnet even more robust is the method its command and control
(C&C) servers use to communicate with infected computers. TDL-4 uses a public
peer-to-peer network, the Kad P2P network, as one of the two channels for
communication between infected machines and the C&C servers.
Kaspersky researcher Roel Schouwenberg wrote in an email to Computerworld, "The
way peer-to-peer is used for TDL-4 will make it extremely hard to take down this
botnet. The TDL guys are doing their utmost not to become the next gang to lose
their botnet."
The hackers behind the botnet also use their own encryption algorithm, with the
domain names of the C&C servers serving as the encryption keys. The use of a
public network is the key to the botnet's robustness and helps ensure the TDL-4
network remains online.
Schouwenberg said, "Any attempt to take down the regular C&Cs can
effectively be circumvented by the TDL group by updating the list of C&Cs
through the P2P network. The fact that TDL has two separate channels for
communications will make any take-down very, very tough."
So far, the TDL-4 botnet has been very effective, with an estimated 4.5 million
Windows computers currently infected. Stewart said, "The 4.5 million is not
surprising at all. It [TDL-4] might not have as high an infection rate as other
botnets, but its longevity means that as long as they can keep infecting
computers and the discovery rate is small, they'll keep growing it."
Another key to the longevity of the TDL-4 malware is that it finds and disables
other malware on the computer. The reasoning is that the less likely the user is
to notice any infection on their computer, the less likely they are to
investigate further and potentially discover the TDL-4 malware on the
Golovanov said, "TDL-4 doesn't delete itself following installation of
other malware. At any time [it] can ... delete malware it has downloaded."
quote: Nah bro, not really
quote: That is why I wouldn't hire a schmuck like you
quote: The optimizations that allow C/C++ to outperform C# include the ability for functions to be tuned on a low level so that they execute in as few clocks as possible, where relevant, such as in media transcoding, media manipulation, algorithmic calculations, etc.
quote: Yes, really. And I'm not your "bro", thank you very much. In addition if you want benchmarks, go right ahead.
quote: First off, you couldn't afford me, especially since you're not in a position to do so. Second, you doubt I'm not missing any deadlines ... because, why? because I told you I wasn't. Again, time is of the essence. Thirdly, I used to think mental capacity and C++ were the greatest. Then I grew up. Silver bullets don't interest me. Getting the job done does. Which usually means good tools and communication w/ co-workers. Let me be clear regarding the latter, if you require somebody to put down in order to feel good about yourself, rots o' ruck.
quote: The job market is so-so. Economy is rough [just ask NASA engineers]. But job requirements listing .Net platform skills are better than ever. Personally, that is likely puerile snob appeal, though I admit it not. Nor do I care for the polar opposite of pop appeal. Of course, the latter does have correlation with revenues and profitability. If you're stuck on good quality, then you are sacrificing one of the other legs of the project triangle: price and/or speed. But you don't know that. Yet.
quote: I'd be willing to wager you can't even go back a couple weeks to your code and explain your design decisions w/o looking at your notes. What? you didn't comment anything? Nor can you look at somebody else's C and optimize it, instead you'd have to re-write it from the ground up. Big time savings there stud.
quote: Gee, golly, I bet Visual Studio doesn't have access to any of that, huh. Specifically those dastardly "algorithmic calculations." They always cause trouble. Lol .Net runs on many platforms and if I need tuned "media transcoding", I can purchase a library just as easily as you. Except I meet deadlines. Do you even make deadlines? Can you? because once you get the code working you'll have to pound your agile partner to re-code your optimizations ... yet more time.
quote: Lastly, I congratulate you however, for convincing me that the hacks who created TDL-4 likely are watchmaker-types who get off on saving a byte and who look forward to the resurrection of D.