Kaspersky warns of “indestructible” TDL-4 botnet

Kaspersky researchers fear the botnet, first seen in 2008, has become dangerously sophisticated.

A vicious new botnet dubbed TDL-4, made up of more than 4.5 million infected computers, is running wild, according to security firm Kaspersky.

The security specialist has described the botnet as potentially "indestructible."

The name TDL-4 comes from the fact that it is the fourth iteration of this particular botnet since it first appeared in 2008. Kaspersky says its creators have significantly improved the TDL botnet this time round, and the 4.5 million affected computers are all believed to have been infected in the first three months of this year.

"The malware detected by Kaspersky Anti-Virus as TDSS is the most sophisticated threat today," said Sergey Golovanov and Igor Soumenkov, researchers at Kaspersky Labs.

The powerful rootkit used by TDL's developers means it can conceal the presence of malware on a system, according to the researchers. It has also been set up to resist attempts to remove it from infected machines and to eliminate competing malware.

Peer-to-peer networking techniques have been used, meaning the botnet is difficult to track. Furthermore, if its control servers were seized or shut down, the group responsible could still keep it running.

"The owners of TDL are essentially trying to create an 'indestructible' botnet that is protected against attacks, competitors, and antivirus companies," the researchers added.

Kaspersky Labs revealed that TDL is now spread by affiliates: a network of rogue "adult content sites, bootleg websites, and video and file storage services."

Affiliate programs from these sites use a client which checks the victim's operating system and then downloads TDL-4 to the computer.

"Affiliates receive between $20 and $200 for every 1,000 installations of TDL, depending on the location of the victim computer," Kaspersky added.

At present, the majority of TDL-4 infected machines are located in the US, with just five per cent believed to be UK-based.
