Botnet infects over 4m PCs
TDL-4 virus is very sophisticated, hard to detect
Over four million PCs have been hit by a botnet that security experts say is almost indestructible, according to the BBC.
The TDL botnet targets Windows PCs and is hard to find and shut down, as the code that hijacks the PC hides in places that anti-virus systems do not usually look. The botnet is also controlled with custom-made encryption.
In the last three months, 4.5 million PCs have been infected by the fourth edition of the TDL virus and the botnet's controllers have made it harder to investigate and remove following several recent botnet shutdowns.
"The owners of TDL are essentially trying to create an indestructible botnet that is protected against attacks, competitors, and anti-virus companies," wrote Kaspersky Lab security researchers Sergey Golovanov and Igor Soumenkov in a detailed analysis of the virus.
The TDL botnet spreads through booby-trapped websites and infects a machine by exploiting unpatched vulnerabilities.
The virus has been found hiding on websites with adult content, those that offer pirated movies, and websites that allow users to store video and image files.
Once the virus has accessed a PC, it installs itself in the master boot record, a place rarely scanned by anti-virus software.
The custom encryption system in TDL-4 protects the communication between the botnet's controllers and the machines they control, making it hard for security companies to analyse the traffic between hijacked PCs and the botnet's controllers.
TDL-4 also sends out instructions to infected machines using a public peer-to-peer network rather than centralised command systems. This foils analysis because it removes the need for command servers that regularly communicate with infected machines.
Twenty-eight percent of victims so far are US-based, with 7% in India, 5% in the UK and 3% in Germany, Canada and France.
Recent successes, by security companies and law enforcement, against botnets have led to a reduction in global spam levels to 75% of all emails sent, according to the BBC.