
Massive botnet 'indestructible,' say researchers


  • Please log in to reply
1 reply to this topic

#1 Union_Thug

Union_Thug

    Bleeps with the fishes...


  • Members
  • 2,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:is everything
  • Local time:06:51 PM

Posted 30 June 2011 - 04:42 AM

http://www.computerworld.com/s/article/9218034/Massive_botnet_indestructible_say_researchers

By Gregg Keizer June 29, 2011 04:19 PM

A new and improved botnet that has infected more than four million PCs is "practically indestructible," security researchers say. "TDL-4," the name for both the bot Trojan that infects machines and the ensuing collection of compromised computers, is "the most sophisticated threat today," said Kaspersky Labs researcher Sergey Golovanov in a detailed analysis Monday. "[TDL-4] is practically indestructible," Golovanov said.

snip

What makes the botnet indestructible is the combination of its advanced encryption and the use of a public peer-to-peer (P2P) network for the instructions issued to the malware by command-and-control (C&C) servers.

"The way peer-to-peer is used for TDL-4 will make it extremely hard to take down this botnet," said Roel Schouwenberg, senior malware researcher at Kaspersky, in an email reply Tuesday to follow-up questions. "The TDL guys are doing their utmost not to become the next gang to lose their botnet."

snip

TDL-4's makers created their own encryption algorithm, Kaspersky's Golovanov said in his analysis, and the botnet uses the domain names of the C&C servers as the encryption keys. The botnet also uses the public Kad P2P network for one of its two channels for communicating between infected PCs and the C&C servers, said Kaspersky. Previously, botnets that communicated via P2P used a closed network they had created.

By using a public network, the criminals ensure their botnet will survive any take-down effort.


Edited by Union_Thug, 30 June 2011 - 04:43 AM.


BC AdBot (Login to Remove)

 


#2 Union_Thug

Union_Thug

    Bleeps with the fishes...

  • Topic Starter

  • Members
  • 2,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:is everything
  • Local time:06:51 PM

Posted 01 July 2011 - 08:50 AM

Microsoft clarifies MBR rootkit advice: http://www.computerworld.com/s/article/9218062/Microsoft_clarifies_MBR_rootkit_removal_advice?taxonomyId=17

Now says users don't have to reinstall Windows to remove super-stealthy malware, but botnet expert disagrees


Thanks to Allan for pointing this out: http://www.bleepingcomputer.com/forums/topic407089.html

Edited by Union_Thug, 01 July 2011 - 08:53 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users