Friday, July 1, 2011

Researchers discover 'indestructible' botnet

Security researchers at Kaspersky Lab have discovered botnet software that uses a range of techniques to remain undetected, making it "practically indestructible".

Computers infected by the software, called TDL-4, fall under control of the botnet's criminal owners and can be used to pump out spam or commit other online attacks. Communication with the botnet's command and control servers takes place over a public peer-to-peer file-sharing network and is protected by a custom encryption algorithm, making it very hard to track down the botmasters in charge and shut them down.

More than 4.5 million computers running Windows have been infected by TDL-4, but their owners are unlikely to know it. The malware installs itself in the computer's master boot record, a part of the disk that loads before the operating system starts up, hiding it from most anti-virus programs and bypassing Windows' security altogether.
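Because the master boot record is a fixed 512-byte structure, a defender can record a known-good copy and later compare the boot-code portion against it. The following is an added illustration for this post, not code from Kaspersky Lab or from the TDL-4 analysis: it parses the MBR layout (446 bytes of boot code, a four-entry partition table, the 0x55AA signature) and reports whether the boot code still matches a recorded baseline hash. The sample sectors, the baseline hash and the function names are all constructed here for the example.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446           # bytes 0..445: executable boot code run by the BIOS
PART_TABLE_OFF = 446          # bytes 446..509: four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511: must be present for the sector to boot


def parse_mbr(sector: bytes) -> dict:
    """Split a raw 512-byte MBR into a boot-code hash and its partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack_from(
            "<B3sB3sII", sector, off)
        if ptype == 0:        # empty slot
            continue
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(sector: bytes, baseline_sha256: str) -> list:
    """Return a list of findings; an empty list means the MBR matches the baseline."""
    info = parse_mbr(sector)
    findings = []
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from recorded baseline")
    if not any(p["bootable"] for p in info["partitions"]):
        findings.append("no partition is marked bootable")
    return findings


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample: the given boot code plus one bootable type-0x07 partition at LBA 2048."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x00\x00", 0x07, b"\x00\x00\x00", 2048, 204800)
    table = entry + b"\x00" * 48          # three empty entries
    return code + table + BOOT_SIGNATURE


# Constructed data: a "known-good" MBR recorded at baseline time, and a copy whose
# boot code was altered while the partition table was left intact.
CLEAN_MBR = build_sample_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 32)
BASELINE_SHA256 = hashlib.sha256(CLEAN_MBR[:BOOT_CODE_LEN]).hexdigest()
TAMPERED_MBR = build_sample_mbr(b"\xeb\x3c\x90" + b"\x90" * 32)


if __name__ == "__main__":
    for name, sector in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(name, check_mbr(sector, BASELINE_SHA256) or "OK")
```

The baseline hash should be taken when the machine is known to be clean and stored off the host. A comparison made from inside a running system is only as trustworthy as that system's disk reads: a bootkit that is already resident can intercept them and hand back the original sector, so the reliable check is against an image taken from a clean boot medium or an offline disk.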

What's worse, the malware runs its own anti-virus software to ensure that it doesn't have to share the infected computer with any other malicious programs. TDL-4 scans for around 20 common competitors and prevents them from contacting their command-and-control servers. This also serves to stop users from noticing anything is wrong - you might notice a slowdown if your computer is running a menagerie of malware, but a single botnet can remain undetected.
