Friday, July 1, 2011

'Indestructible' TDL-4 Botnet Controls 4.5M Windows PCs

A researcher at security software firm Kaspersky Lab has uncovered a sophisticated botnet threat that already controls more than 4.5 million Windows-based PCs around the world, with nearly one-third of all infected machines located in the United States. Moreover, there is reason to believe that the latest strain of TDSS uncovered this week -- which commands the infected PCs to run malware programs -- will be able to evolve over time.

According to Kaspersky researcher Sergey Golovanov, the new TDSS strain is the most sophisticated cybersecurity threat facing PC users today. It's even designed to delete other malicious programs not associated with the TDSS botnet, to eliminate the competition as well as ensure that PC users remain unaware that their machines are infected.

The malicious software uses a range of methods to evade detection, and employs encryption to facilitate communication between its bots and the botnet command-and-control center, Golovanov wrote in a Securelist posting. "TDSS also has a powerful rootkit component, which allows it to conceal the presence of any other types of malware in the system," he added.

The Law-Enforcement Challenge

Similar to Trojan horses and worms, TDL-4's malicious code functions as a web-based robot or "bot" capable of performing automated tasks. Once a PC becomes infected, it becomes a "zombie" machine under the control of TDL-4's criminal masterminds. "Since the beginning of this year, the botnet has installed nearly 30 additional malicious programs, including fake antivirus programs, adware and the Pushdo spambot," Golovanov explained.

Now that the number of infected machines has achieved critical mass, the cyberthieves running the resulting "botnet" also have the ability to conduct a wide range of coordinated malicious activities. For example, the botnet could be used to send out spam messages or launch denial-of-service attacks on selected web sites.

Earlier this year, the FBI seized servers that had infected as many as two million computers with the botnet-producing Coreflood virus, a key-logging program that enabled cybercriminals to steal personal and financial information by recording PC users' keystrokes. However, the FBI and its international law-enforcement partners will find it far more challenging to shut down the TDL-4 botnet.


