"Indestructible" Botnet Discovered

Security and operating system companies have been very successful in the last year at taking down major botnets, networks of malware-infected PCs that act in unison under remote control to perform distributed denial of service (DDoS) attacks and send huge volumes of spam email. Now a new botnet, named TDL, has been discovered that is very difficult to detect and shut down.
Over four and a half million PCs have become infected with the TDL trojan in the last three months. In a report on the new botnet, security researchers at Kaspersky Lab said "The owners of TDL are essentially trying to create an 'indestructible' botnet that is protected against attacks, competitors, and anti-virus companies."
TDL installs itself into the Master Boot Record (MBR) of the disk, the sector that runs before Windows itself loads and which anti-virus programs often fail to inspect, and it uses its own encryption scheme to protect communication between the infected PC and the operators. This makes it very difficult to trace the traffic from the PC and locate the people controlling the botnet.
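The MBR is a fixed 512-byte format, so checking it for tampering is cheap once you have a trusted copy to compare against. The following is an added example, not code from the article or from Kaspersky's report: it parses a raw MBR sector (bootstrap code, four partition entries, 0x55AA signature), hashes the bootstrap code and compares it with a baseline hash taken from the clean disk. The sample sectors, the "clean" and "tampered" boot code bytes, and the baseline are all constructed for illustration; the device path in the comment is an assumption. Run a check like this from a clean boot medium, because a rootkit that is already active in the boot chain can hook disk reads and hand back an unmodified sector.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOTSTRAP_SIZE = 446          # boot code occupies bytes 0..445
PARTITION_TABLE_OFFSET = 446  # four 16-byte partition entries follow it
PARTITION_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511


def parse_mbr(sector: bytes) -> dict:
    """Split a raw 512-byte sector into a bootstrap hash and a partition table."""
    if len(sector) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    bootstrap = sector[:BOOTSTRAP_SIZE]
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        # status, CHS first sector, type, CHS last sector, LBA start, sector count
        status, _chs_first, ptype, _chs_last, lba_start, sectors = struct.unpack(
            "<B3sB3sII", sector[off:off + PARTITION_ENTRY_SIZE])
        partitions.append({
            "status": status,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return {
        "bootstrap_sha256": hashlib.sha256(bootstrap).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(sector: bytes, baseline_sha256: str) -> list:
    """Return a list of findings; an empty list means the MBR matches the baseline."""
    parsed = parse_mbr(sector)
    findings = []
    if parsed["bootstrap_sha256"] != baseline_sha256:
        findings.append("bootstrap code differs from baseline")
    for n, p in enumerate(parsed["partitions"]):
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {n}: invalid status byte 0x{p['status']:02x}")
    if sum(p["bootable"] for p in parsed["partitions"]) > 1:
        findings.append("more than one partition marked active")
    return findings


def build_sample_mbr(bootstrap: bytes) -> bytes:
    """Constructed 512-byte MBR: the given boot code plus one active NTFS partition."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x02\x00", 0x07,
                        b"\xff\xff\xff", 2048, 1_000_000)
    table = entry + b"\x00" * (3 * PARTITION_ENTRY_SIZE)
    return bootstrap.ljust(BOOTSTRAP_SIZE, b"\x00") + table + BOOT_SIGNATURE


# Constructed boot code, not a real Windows MBR: cli; xor ax,ax; mov ss,ax; mov sp,0x7c00
CLEAN_BOOTSTRAP = b"\xfa\x31\xc0\x8e\xd0\xbc\x00\x7c"
# Constructed "infected" boot code: a short jmp patched over the prologue
TAMPERED_BOOTSTRAP = b"\xeb\x3c\x90" + CLEAN_BOOTSTRAP[3:]

CLEAN_MBR = build_sample_mbr(CLEAN_BOOTSTRAP)
TAMPERED_MBR = build_sample_mbr(TAMPERED_BOOTSTRAP)
# Baseline taken from the clean disk; in practice keep it off the machine being checked.
BASELINE_SHA256 = hashlib.sha256(CLEAN_MBR[:BOOTSTRAP_SIZE]).hexdigest()

if __name__ == "__main__":
    # On a real system, read sector 0 from a clean boot environment, e.g. on a Linux
    # live CD (assumed device path):  open("/dev/sda", "rb").read(512)
    for name, mbr in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(name, check_mbr(mbr, BASELINE_SHA256) or "OK")
```

The baseline hash is the whole check: without a copy of the known-good boot code, a parser can only tell you the sector is well-formed, not that it is yours.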
In addition, the botnet does not depend solely on a fixed set of command-and-control servers: it can also pass instructions over a peer-to-peer network of the kind used for file sharing. This decentralises the command channel, so there is no single server that can be seized to shut the botnet down, and the traffic is even harder to trace.
In their report the researchers said "It's definitely one of the most sophisticated botnets out there."
The majority of infections so far have been reported in the USA (28%) with India second in the infected list at 7%. The infection rates are rising sharply though, and there's been no reporting yet from Microsoft on whether the enhanced protection and security in Windows 7 will help defend against infection.
For now, the fight against the TDL trojan will have to be won on individual machines, yet millions of people still leave their computers open to infection because they do not understand the risks involved or how to protect against them.
There are also still millions of people running Windows XP and the hugely insecure Internet Explorer 6 web browser, which will aid the distribution and infection rates of TDL. Finally, it is critically important that people have Windows Update activated on their computers.
The trojan has been distributed via booby-trapped websites. It has so far been discovered lurking on porn and pirate movie websites, along with some sites offering storage for photos and video files.
“Over four million and a half million PCs…”
Shouldn’t that read
“Over four and a half million PCs…”
I’m going to share this article with my professor. It should be interesting to discuss in class.
TDSSKILLER
http://support.kaspersky.com/viruses/solutions?qid=208280684
any detection and removal tool yet?
Indestructible! I say FUD.
Backup everything and relax.
For possible detection and cleanup there’s always tools for these types of rootkits.
And yes we can boot Windows system in Linux and clean as well.
Can this live on an Ubuntu Linux PC? Just asking…
It can probably live in an Ubuntu PC, because it infects the MBR. But it will not be active after booting into Linux, so the problem is half solved. :)
And life is getting nicer (nastier) and nicer (nastier). Sometimes I wonder what level of protection we will need in 5 or 10 years.