Massive Botnet "Indestructible," Say Researchers 583
CWmike writes "A new and improved botnet that has infected more than four million PCs is 'practically indestructible,' security researchers say. TDL-4, the name for both the bot Trojan that infects machines and the ensuing collection of compromised computers, is 'the most sophisticated threat today,' said Kaspersky Labs researcher Sergey Golovanov in a detailed analysis on Monday. Others agree. 'I wouldn't say it's perfectly indestructible, but it is pretty much indestructible,' Joe Stewart, director of malware research at Dell SecureWorks and an internationally-known botnet expert, told Computerworld on Wednesday. 'It does a very good job of maintaining itself.' Because TDL-4 installs its rootkit on the MBR, it is invisible to both the operating system and more, importantly, security software designed to sniff out malicious code. But that's not TDL-4's secret weapon. What makes the botnet indestructible is the combination of its advanced encryption and the use of a public peer-to-peer (P2P) network for the instructions issued to the malware by command-and-control (C&C) servers. 'The way peer-to-peer is used for TDL-4 will make it extremely hard to take down this botnet,' said Roel Schouwenberg, senior malware researcher at Kaspersky. 'The TDL guys are doing their utmost not to become the next gang to lose their botnet.'"
Indestructible? (Score:5, Funny)
Sounds like a challenge...
What I want to know is ... (Score:3, Funny)
Does it run Linux?
GPL Violators! Get em! (Score:5, Funny)
Somehow I think that's the least of their concerns.
Re:Take 'em offline (Score:4, Funny)
The only long term solution is to infect the infected with something that low level formats their HDD.
That's not true, there are plenty of long term solutions. We got -plenty- of nukes.
Re:GPL Violators! Get em! (Score:5, Funny)
Think of how they get Al Capone. Noting would make federal prosecutors more interested in the GPL than if they thought it was the best way to nail a bad guy.
BTW, I like the idea of malware coming with a GPL license agreement and link to the source code.