Over the past year there have been several high-profile botnet takedowns, and they have produced a large drop in the amount of spam that PC users find in their inboxes. Now security researchers are discussing a new botnet, TDL-4, which they describe as almost indestructible: its designers used some creative techniques to make sure their network would not be as easy to take offline as the earlier botnets were.
Kaspersky Lab security researcher Sergey Golovanov wrote in a report on TDL-4 that it is currently the most sophisticated threat in existence. Dell SecureWorks malware researcher Joe Stewart did not go so far as to call TDL-4 indestructible, but said it is very nearly invulnerable, with a strong instinct for self-preservation. Several factors combine to make TDL-4 so hard to remove. One is that the malware infects the master boot record (MBR) of the computer's hard disk. The MBR is the first part of the disk read when the computer starts, so the rootkit is loaded before the operating system and before any security software, which is why neither detects it.
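Because an MBR rootkit runs before the OS and its security tools, one practical defensive control is to inspect the raw MBR independently and compare it against a recorded known-good copy. The following Python script is an added example for this article, not code from Kaspersky, Dell SecureWorks or Computerworld, and it makes no claim about TDL-4's actual on-disk layout: it parses a 512-byte MBR (446 bytes of boot code, four 16-byte partition entries, the 0x55AA signature), fingerprints the boot-code region, and flags deviations from a baseline. The sample MBR bytes are constructed inline so the script runs offline; on a real system the same checks would be run against the first 512 bytes read from the disk device (for instance `/dev/sda` on Linux, with administrative rights).

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_SIZE = 446          # bytes 0..445 hold the boot loader code
PARTITION_TABLE_OFFSET = 446  # four 16-byte entries follow the boot code
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511 of a valid MBR


def parse_mbr(mbr: bytes) -> dict:
    """Split a 512-byte MBR into boot code, partition entries and signature flag."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes, got %d" % len(mbr))
    entries = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * i
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
            "<B3sB3sII", mbr[off:off + 16]
        )
        entries.append({
            "active": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return {
        "boot_code": mbr[:BOOT_CODE_SIZE],
        "partitions": entries,
        "signature_ok": mbr[510:512] == BOOT_SIGNATURE,
    }


def boot_code_fingerprint(mbr: bytes) -> str:
    """SHA-256 of the boot-code region only; the partition table may legitimately change."""
    return hashlib.sha256(parse_mbr(mbr)["boot_code"]).hexdigest()


def check_mbr(mbr: bytes, baseline_fingerprint: str) -> list:
    """Return a list of findings; an empty list means the MBR matches the baseline."""
    findings = []
    parsed = parse_mbr(mbr)
    if not parsed["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if boot_code_fingerprint(mbr) != baseline_fingerprint:
        findings.append("boot code differs from recorded baseline")
    active = sum(1 for p in parsed["partitions"] if p["active"])
    if active != 1:
        findings.append("unexpected number of active partitions: %d" % active)
    return findings


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Construct a synthetic MBR for demonstration (not taken from any real disk)."""
    code = boot_code.ljust(BOOT_CODE_SIZE, b"\x00")[:BOOT_CODE_SIZE]
    # One bootable partition of type 0x07 starting at LBA 2048 with 204800 sectors;
    # the CHS fields are filler, since modern tools use the LBA values.
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
    table = entry + b"\x00" * 48          # remaining three entries empty
    return code + table + BOOT_SIGNATURE


if __name__ == "__main__":
    # Constructed "known good" MBR recorded at install time.
    good = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c")
    baseline = boot_code_fingerprint(good)
    print("baseline fingerprint:", baseline)
    print("clean disk findings:", check_mbr(good, baseline))

    # Constructed tampered copy: boot code replaced, partition table untouched.
    tampered = build_sample_mbr(b"\x90" * BOOT_CODE_SIZE)
    print("tampered disk findings:", check_mbr(tampered, baseline))
```

Comparing only the boot-code region is deliberate: partitioning tools rewrite the table during normal use, whereas the boot code of an installed system should not change outside an OS or boot-loader update, so a fingerprint mismatch there is worth investigating. Reading the MBR from outside the running system (a boot disk or forensic image) matters because a rootkit that loads before the OS can present a clean copy to software running under it.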
What makes the botnet even stronger is the way infected computers communicate with the command-and-control (C&C) servers. TDL-4 uses a public peer-to-peer network, the Kad P2P network, as one of its two channels between infected machines and the C&C servers. Kaspersky researcher Roel Schouwenberg told Computerworld by email that the way peer-to-peer is used makes the botnet extremely difficult to take down, and that the people behind TDL are doing everything they can to continue their record of building resilient botnets.
The botnet's authors also use their own encryption algorithm and use the C&C servers' domain names as the encryption keys. The reliance on a public network is what gives the botnet its strength and keeps the TDL-4 network permanently reachable. Schouwenberg said that any attempt to take down the conventional C&C servers can be sidestepped by the TDL group, because the current list of C&C servers is kept up to date over the P2P network. Having two independent communication channels makes any takedown attempt extremely difficult.
So far the TDL-4 botnet has proven highly effective, with about 4.5 million Windows computers infected. That infection rate is not in itself alarming, but it would be a mistake to let our guard down, because the botnet's resilience means it can keep infecting machines: while its detection rate stays low, it will continue to grow. Another reason for TDL-4's longevity is that it seeks out and disables other malware on the computer. The reasoning is that the less reason a user has to suspect an infection, the less likely they are to investigate and possibly stumble upon TDL-4 itself. TDL-4 does not remove itself when other malware is installed; it simply deletes the downloaded malware whenever it appears.