Botnet of 4.5 million virus infected computers: ‘indestructible’

A new botnet with more than 4.5 million virus infected computers has been discovered. TDL-4, as it is known, is being expanded through rogue websites that offer pirated warez, pornography and file storage.

The people in charge of the websites receive between $20 and $200 from the crooks behind TDL-4 for every 1,000 new machines they infect, according to reports from Kaspersky Labs.

The botnet is expanding rapidly as it targets Windows Vulnerabilities, including one that has been discovered after the Stuxnet cyber attack on Iran's nuclear programme. Botnets are a fairly common problem, but they often don't get as big as this. One of the largest in history, called Mariposa, had 12 million computers in its structure, when it was caught in 2010.

Kaspersky Labs are flagging TDL-4 as one of the worst in recent years, and they said in the first three months of this year it had infected 4.5 million machines. One third of the infected computers are in the United States and 5 percent are in the United Kingdom.

The report said “Remarkably, there are no Russian users in the statistics”. TDL-4 is particularly noteworthy because it uses advanced techniques to hide itself from anti virus software and fights back when software tries to remove it from infected computers. TDL-4 also has algorithms which enable it to target other viruses and to wipe them out.

Sergey Golovanov and Igor Soumenkov, researches in Kaspersky Labs said “The owners of TDL are essentially trying to create an ‘indestructible' botnet that is protected against attacks, competitors, and anti-virus companies. The [TDL-4] botnet, with more than 4.5 million infected computers, is used by cyber criminals to manipulate adware and search engines, provide anonymous internet access, and acts as a launch pad for other malware.”

So far the people behind TDL-4 have remained hidden as they are using encryption to send commands, as well as bouncing the traffic around a peer to peer network.

Kitguru says: Will authorities be able to shut this down? It looks set to prove a serious challenge to authorities.

Become a Patron!