
botnet 4.0 undetectable virus...

2 replies to this topic

#1 shreyas1995


  • Banned
  • 72 posts
  • Gender:Male
  • Local time:10:15 PM

Posted 04 August 2011 - 12:05 PM

Well, I have been hearing that there is a virus going around corrupted websites....it's known as botnet 4.0 virus...they say it can spoil a computer by corrupting data on the hard disk....making copies of itself and infecting system files....the worst thing is that....this virus is not detectable by any antivirus as it hides in legitimate files having valid digital signatures....I have 2 questions:

1.Is this real?

2.If it is real....then avast! doesn't skip scanning of files having valid digital signatures can avast! detect it? :mellow:

Any reply is appreciated.



#2 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,954 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:45 AM

Posted 04 August 2011 - 10:53 PM

Everything you want to know about TDL4:
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,735 posts
  • Gender:Male
  • Local time:05:45 PM

Posted 05 August 2011 - 03:44 AM

...as it hides in legitimate files having valid digital signatures...

I've done extensive research on Microsoft's digital signatures of executables (AuthentiCode).

Practically, it is not possible to alter the executable code of a signed application without invalidating the AuthentiCode signature. Theoretically it is possible, but the world lacks the cryptographic computing power and knowledge to make this a realistic attack.

What is possible however is to add data in non-executable locations of a signed application without invalidating the signature. But this added content is harmless, it can't be executed automatically.

Didier Stevens

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019


If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.


Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"
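The point in post #3 about data sitting in non-executable locations of a signed file can be checked from the defender's side. The following is an added example, not part of the thread or of Didier Stevens' own tools: it lists the byte ranges the Authenticode digest omits (the CheckSum field, the Certificate Table directory entry and the certificate table itself) and counts bytes in the certificate table that the DER-encoded signature does not account for. The function names and the sample file are constructed for illustration; a few bytes of alignment padding per entry are normal.

```python
import struct

def der_total(blob: bytes) -> int:
    """Total size of the outer DER SEQUENCE at the start of blob (0 if absent)."""
    if len(blob) < 2 or blob[0] != 0x30:
        return 0
    if blob[1] < 0x80:
        return 2 + blob[1]
    n = blob[1] & 0x7F
    return 2 + n + int.from_bytes(blob[2:2 + n], "big")

def unhashed_regions(pe: bytes):
    """Return (ranges excluded from the Authenticode digest, slack bytes in the cert table)."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[:2] != b"MZ" or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    opt = e_lfanew + 24                           # optional header follows 20-byte COFF header
    magic = struct.unpack_from("<H", pe, opt)[0]
    entry = opt + {0x10B: 96, 0x20B: 112}[magic] + 4 * 8   # data directory 4: Certificate Table
    cert_off, cert_size = struct.unpack_from("<II", pe, entry)
    ranges = [("CheckSum", opt + 64, 4), ("CertTableEntry", entry, 8)]
    if cert_off == 0:
        return ranges, 0                          # unsigned file
    ranges.append(("CertTable", cert_off, cert_size))
    pos, end, slack = cert_off, cert_off + cert_size, 0
    while pos + 8 <= min(end, len(pe)):           # walk WIN_CERTIFICATE entries
        length = struct.unpack_from("<I", pe, pos)[0]
        if length < 8 or pos + length > end:
            break
        slack += max(0, length - 8 - der_total(pe[pos + 8:pos + length]))
        pos += (length + 7) & ~7                  # entries are 8-byte aligned
    return ranges, slack + max(0, end - pos)

def constructed_sample(extra: bytes = b"") -> bytes:
    """Constructed input: bare PE32 headers plus one WIN_CERTIFICATE with a fake DER blob."""
    body = b"\x30\x06" + b"\0" * 6 + extra        # not a real PKCS#7 signature
    body += b"\0" * (-len(body) % 8)
    cert = struct.pack("<IHH", 8 + len(body), 0x0200, 0x0002) + body
    hdr = bytearray(312)
    hdr[:2], hdr[64:68] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", hdr, 0x3C, 64)         # e_lfanew
    struct.pack_into("<H", hdr, 88, 0x10B)        # PE32 optional header magic
    struct.pack_into("<II", hdr, 216, 312, len(cert))
    return bytes(hdr) + cert

if __name__ == "__main__":
    for label, pe in (("clean", constructed_sample()), ("padded", constructed_sample(b"A" * 20))):
        print(label, unhashed_regions(pe))
```

A non-zero slack count does not make a file malicious; it marks a signed file whose unhashed area deserves a closer look.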
