A strong botnet discovered

Creation date

ID: IRCNE2011071163
Date: 2011-07-02

According to “TechWorld”, researchers from security firm Kaspersky Lab have discovered that millions of PCs around the world appear to have been quietly infected by the dangerous TDSS ‘super-malware’ rootkit as part of a campaign to build a giant new botnet.
Malware and botnets come and go, but TDSS is different. First detected more than three years ago, TDSS (also known as ‘TDL’ and sometimes by its infamous rootkit component, Alureon) has grown into a multi-faceted malware nexus, spinning out ever more complex and dangerous elements as it evolves.
In recent weeks, Kaspersky Lab researchers were able to penetrate three SQL-based command and control servers used to direct the activities of the malware’s latest version, TDL-4, where they discovered the IP addresses of 4.5 million PCs infected by the malware in 2011 alone. Almost 1.5 million of these were in the US. If active, this number of compromised computers would make it one of the largest botnets in the world.
The TDL-4 malware has also added technical and economic capabilities to its features list, including some that are out of the ordinary for botnets, the researchers said.
Making use of the malware’s bootkit design – it infects the master boot record of a PC so that it loads before the operating system and any security software – it attempts to clean rival malware from an infected PC, searching for and removing up to 20 different malware types, including Gbot, Zeus and Optima. This stops other programs from interfering with its activities and also damages its rivals’ commercial operations.
Perhaps most intriguing of all are the economic innovations shown by the TDSS creators which help them sell it in a botnet-as-a-service form.
“We don’t doubt that the development of TDSS will continue,” said Kaspersky researcher, Sergey Golovanov, who performed the latest analysis of TDSS. “Active reworkings of TDL-4 code, rootkits for 64-bit systems, the use of P2P technologies, proprietary anti-virus and much more make the TDSS malicious program one of the most technologically developed and most difficult to analyse.”
The bigger question is why TDSS/TDL-4’s authors have invested so much effort in complexity when other malware performs adequately without it. Perhaps its most infamous innovation was the 64-bit version of Alureon, which Microsoft claimed in May to have removed from hundreds of thousands of systems, despite the fact that this version of the OS is supposed to be harder to attack.
The answer is that TDSS’s creators are pioneering in their outlook. Windows might have fewer 64-bit users and the OS might be more of a challenge, but tackling it offers larger rewards, because they stay ahead not only of rival malware authors but also of the software defences.