Massive Botnet "Indestructible," Say Researchers

Massive Botnet "Indestructible," Say Researchers 583

Posted by samzenpus on Wednesday June 29, 2011 @08:18PM from the +1-or-better-update-to-hit dept.

CWmike writes "A new and improved botnet that has infected more than four million PCs is 'practically indestructible,' security researchers say. TDL-4, the name for both the bot Trojan that infects machines and the ensuing collection of compromised computers, is 'the most sophisticated threat today,' said Kaspersky Labs researcher Sergey Golovanov in a detailed analysis on Monday. Others agree. 'I wouldn't say it's perfectly indestructible, but it is pretty much indestructible,' Joe Stewart, director of malware research at Dell SecureWorks and an internationally-known botnet expert, told Computerworld on Wednesday. 'It does a very good job of maintaining itself.' Because TDL-4 installs its rootkit on the MBR, it is invisible to both the operating system and more, importantly, security software designed to sniff out malicious code. But that's not TDL-4's secret weapon. What makes the botnet indestructible is the combination of its advanced encryption and the use of a public peer-to-peer (P2P) network for the instructions issued to the malware by command-and-control (C&C) servers. 'The way peer-to-peer is used for TDL-4 will make it extremely hard to take down this botnet,' said Roel Schouwenberg, senior malware researcher at Kaspersky. 'The TDL guys are doing their utmost not to become the next gang to lose their botnet.'"

Massive Botnet "Indestructible," Say Researchers

This discussion has been archived. No new comments can be posted.

Search 583 Comments Log In/Create an Account

Comments Filter:

Indestructible? (Score:5, Funny)

by CokeBear ( 16811 ) writes: on Wednesday June 29, 2011 @08:30PM (#36617716) Journal

Sounds like a challenge...

What I want to know is ... (Score:3, Funny)

by DrJimbo ( 594231 ) writes: on Wednesday June 29, 2011 @08:32PM (#36617748)

Does it run Linux?

GPL Violators! Get em! (Score:5, Funny)

by Hatta ( 162192 ) writes: on Wednesday June 29, 2011 @08:42PM (#36617816) Journal

# When developing the kad.dll module for maintaining communication with the Kad network, code with a GPL license was used â" this means that the authors are in violation of a licensing agreement.

Somehow I think that's the least of their concerns.

Re:Take 'em offline (Score:4, Funny)

by interkin3tic ( 1469267 ) writes: on Wednesday June 29, 2011 @09:23PM (#36618074)

The only long term solution is to infect the infected with something that low level formats their HDD.
That's not true, there are plenty of long term solutions. We got -plenty- of nukes.

Re:GPL Violators! Get em! (Score:5, Funny)

by gumbi west ( 610122 ) writes: on Wednesday June 29, 2011 @09:37PM (#36618168) Journal

Think of how they get Al Capone. Noting would make federal prosecutors more interested in the GPL than if they thought it was the best way to nail a bad guy.
BTW, I like the idea of malware coming with a GPL license agreement and link to the source code.

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Massive Botnet "Indestructible," Say Researchers 583

Massive Botnet "Indestructible," Say Researchers More Login

Massive Botnet "Indestructible," Say Researchers

Indestructible? (Score:5, Funny)

What I want to know is ... (Score:3, Funny)

GPL Violators! Get em! (Score:5, Funny)

Re:Take 'em offline (Score:4, Funny)

Re:GPL Violators! Get em! (Score:5, Funny)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot