Slashdot Mirror

← Back to Stories (view on slashdot.org)

Massive Botnet "Indestructible," Say Researchers

Posted by samzenpus on from the +1-or-better-update-to-hit dept.

CWmike writes "A new and improved botnet that has infected more than four million PCs is 'practically indestructible,' security researchers say. TDL-4, the name for both the bot Trojan that infects machines and the ensuing collection of compromised computers, is 'the most sophisticated threat today,' said Kaspersky Labs researcher Sergey Golovanov in a detailed analysis on Monday. Others agree. 'I wouldn't say it's perfectly indestructible, but it is pretty much indestructible,' Joe Stewart, director of malware research at Dell SecureWorks and an internationally-known botnet expert, told Computerworld on Wednesday. 'It does a very good job of maintaining itself.' Because TDL-4 installs its rootkit on the MBR, it is invisible to both the operating system and more, importantly, security software designed to sniff out malicious code. But that's not TDL-4's secret weapon. What makes the botnet indestructible is the combination of its advanced encryption and the use of a public peer-to-peer (P2P) network for the instructions issued to the malware by command-and-control (C&C) servers. 'The way peer-to-peer is used for TDL-4 will make it extremely hard to take down this botnet,' said Roel Schouwenberg, senior malware researcher at Kaspersky. 'The TDL guys are doing their utmost not to become the next gang to lose their botnet.'"

5 of 583 comments (clear)

  1. Indestructible? by CokeBear · · Score: 5, Funny

    Sounds like a challenge...

    --
    Reality has a liberal bias
  2. What I want to know is ... by DrJimbo · · Score: 2, Funny

    Does it run Linux?

    --
    We don't see the world as it is, we see it as we are.
    -- Anais Nin
  3. GPL Violators! Get em! by Hatta · · Score: 5, Funny

    # When developing the kad.dll module for maintaining communication with the Kad network, code with a GPL license was used â" this means that the authors are in violation of a licensing agreement.

    Somehow I think that's the least of their concerns.

    --
    Give me Classic Slashdot or give me death!
  4. Re:Take 'em offline by interkin3tic · · Score: 3, Funny

    The only long term solution is to infect the infected with something that low level formats their HDD.

    That's not true, there are plenty of long term solutions. We got -plenty- of nukes.

  5. Re:GPL Violators! Get em! by gumbi+west · · Score: 4, Funny

    Think of how they get Al Capone. Noting would make federal prosecutors more interested in the GPL than if they thought it was the best way to nail a bad guy.

    BTW, I like the idea of malware coming with a GPL license agreement and link to the source code.