Over the previous year, there have been several high profile records
of botnets. These records bring about a huge reduction on the number of
spam that PC users have in their inbox. Today, security researchers are
discussing a new botnet named TDL-4. They say that it is almost
indestructible and its designers used some creative ways to make sure
that their net won’t be as easy to take offline like the previous
botnets.
Kapersky Lab security researcher, Sergey Golovanod, mentioned in a
report on the TDL-4 botnet that it is currently the most advanced
threat. Meanwhile, Dell SecureWorks malware researcher, Joe Stewart, did
not believe that the TDL-4 cannot be destroyed, but it is pretty much
invulnerable. It has a very keen instinct in maintaining itself. A
number of factors work together in order to make TDL-4 tough. One of
these factors is that the malware targets the master boot record of the
computers HDD where it is located. This is the part that the hard drive
reads first when a computer starts and the rootkit is to be installed
making it undetected by the security software and the OS.
What make the botnet even stronger are the protocols that it uses to communicate between affected computers from the control and command servers. The TDL-4 botnet utilizes a public peer-to-peer network, the Kad P2P network, which one of the two channels uses to communicate with infected devices and the C&C servers. Kapersky researcher, Roek Schouwenberg, sent an email to Computerworld saying that how peer-to-peer is used makes the botnet extremely difficult to take down. The people behind TDL are doing their best in order to carry on with their legacy in creating botnets.
The hackers who created the botnet also utilize their own encryption algorithm and use the C&C servers’ domain names as their encryption keys. The use of a public network is the reason behind the botnet’s strength and keeps the TDL-4 network always online. Schouwenberg said that any trials to bring down the standard C&Cs could be bypassed by the TDL group by keeping track of the list of C&Cs via P2P network. The fact that TDL has two diverse channels for communications will make any submission attempts extremely difficult.
Until now, the TDL-4 botnet remains very effective with as 4.5
million Windows computers are infected. This infection rate is not that
alarming. However, TDL-4 it is still best not to let our guard down
since its toughness can keep on infecting computers. While their
discovery rate is small, they’ll continue to grow. Another reason behind
the longevity of the TDL-4 is the fact that it seeks and disables other
malware on the computer. This is done since the less chance for the
user to be aware of any infection on their computer, the less chance
they are to look further and probably spot the TDL-4 malware on the
device. TDL-4 doesn’t delete itself just to follow the installation of
other malware. It will just delete the downloaded malware any time.
Watch out People!
What make the botnet even stronger are the protocols that it uses to communicate between affected computers from the control and command servers. The TDL-4 botnet utilizes a public peer-to-peer network, the Kad P2P network, which one of the two channels uses to communicate with infected devices and the C&C servers. Kapersky researcher, Roek Schouwenberg, sent an email to Computerworld saying that how peer-to-peer is used makes the botnet extremely difficult to take down. The people behind TDL are doing their best in order to carry on with their legacy in creating botnets.
The hackers who created the botnet also utilize their own encryption algorithm and use the C&C servers’ domain names as their encryption keys. The use of a public network is the reason behind the botnet’s strength and keeps the TDL-4 network always online. Schouwenberg said that any trials to bring down the standard C&Cs could be bypassed by the TDL group by keeping track of the list of C&Cs via P2P network. The fact that TDL has two diverse channels for communications will make any submission attempts extremely difficult.
Protect your Computers!
Post a Comment