Security researchers discover 'indestructible' botnet
Posted on 06/30/2011 6:54:05 AM PDT by decimon
More than four million PCs have been enrolled in a botnet security experts say is almost 'indestructible'
The botnet, known as TDL, targets Windows PCs and tries hard to avoid detection and even harder to shut down.
Code that hijacks a PC hides in places security software rarely looks and the botnet is controlled using custom-made encryption.
Security researchers said recent botnet shutdowns had made TDL's controllers harden it against investigation.
The 4.5 million PCs have become victims over the last three months following the appearance of the fourth version of the TDL virus.
The changes introduced in TDL-4 made it the "most sophisticated threat today," wrote Kaspersky Labs security researchers Sergey Golovanov and Igor Soumenkov in a detailed analysis of the virus.
"The owners of TDL are essentially trying to create an 'indestructible' botnet that is protected against attacks, competitors, and anti-virus companies," wrote the researchers.
(Excerpt) Read more at bbc.co.uk ...
June 30, 2011
“Sorry, but the TDL botnet is not ‘indestructible’”
By Roger Grimes
“Malware and alarmism over its proliferation are nothing new — and the latest boot-sector rootkit will be cured soon enough”
“The sophistication of the TDL rootkit and the global expanse of its botnet have many observers worried about the antimalware industry’s ability to respond. Clearly, the TDL malware family is designed to be difficult to detect and remove. Several respected security researchers have gone so far as to say that the TDL botnet, composed of millions of TDL-infected PCs, is “practically indestructible.”
“As a 24-year veteran of the malware wars, I can safely tell you that no threat has appeared that the antimalware industry and OS vendors did not successfully respond to. It may take months or years to kill off something, but eventually the good guys get it right.”
Hmm, guess I have to do my porn searching with Ubuntu ;)
Seriously, people that do porn hunting on the web have a PC death wish.
Doesn’t say if any browser provides more protection than others.
Kind of impressive in a Lex Luthor-ish way.
It seems so. Porn and pirate sites.
My wife has gotten two of those “Fake Alert” viruses and she was not surfing porn. Shopping sites.
Is this the same one that Microsoft says forget trying to get rid of it and just reinstall your OS?
I guess reinstalling your OS wouldn’t be that big of a deal, except that you have to reinstall all the updates too. Is there a way to save your updates somehow so you don’t have to download all of them again?
You can save an image of a new install after all the updates have been applied. Then you just reimage your computer if you have problems.
Sports sites and their forums seem to trigger hidden malware.
I've seen research reports that found the most common vector for malware and virus distribution wasn't porn sites, but free game sites geared toward children. They'll click on anything.
I got one searching for an instruction manual for an old piece of equipment.
The black hats are no more talented than the white hats. What can be made can be destroyed.
Microsoft doesn’t say reinstall the OS. It says restore the MBR and do Recovery. That’s not the same thing.
Does Spybot catch this?
I guess reinstalling your OS wouldn’t be that big of a deal, except that you have to reinstall all the updates too. Is there a way to save your updates somehow so you don’t have to download all of them again?
Buy the latest version of the OS.
I keep getting a Norton virus popup. I long ago erased Norton from my system, and anything else Symantec as well. I do not touch the popup, but I do shut down everything else I have running and do a virus scan using Malwarebytes. It inevitably finds one virus and eliminates it, and the Norton popup disappears. That is also what happens when I get the obvious fake virus alerts. I don’t know if it is Norton or a disguise, but I don’t use Norton and have to assume anything apparently from Norton is a virus. For a long time I kept getting a MSFT nagger to assent to MSFT inspecting my system; I always declined and the MSFT popup would go away. Then one day it didn’t go away and my system files got corrupted. I had all legitimately purchased and licensed software, but apparently MSFT got miffed because I wouldn’t give it permission to do what it does anyway. No more MSFT anything for me. So, in my experience both Norton and Microsoft are viruses.
I have Spybot, Malwarebytes, and AVG. They keep me safe from everything but MSFT. Malwarebytes seems to be most proficient at killing the "Virus Alerts."
I got hit when I went to the UK Mail from an FR post. A Microsoft tech guy walked me through a rescue. It can happen to anyone. I do now make damn sure my Security Essentials is up to date, and run a scan every day.
I agree, Norton is one of the most obnoxious pieces of malware I’ve had the misfortune to deal with. Worse than any virus in terms of its actual impact on me.
They also fall for those phishing exploits that tell you there’s something wrong with your pc click here.
>June 30, 2011
Sorry, but the TDL botnet is not indestructible <
Correct. Just like that MS wackadoo who announced that the Alureon rootkit is also indestructible, I laugh at these “experts” who scare Win users.
Of course, what do I know. I used to consult for Kaspersky and Norton. The TDL-4 is the nastiest MFer on the planet, and every malware and rootkit guy I know has seen it do damage. The Alureon class 1-4 I detected on other clients’ laptops, and it was fairly easy but time consuming to clean. The TDL botnets and rootkits re-write the registry on occasion, so you have to use instinct by utilizing a registry cleaner, and if that annoys you, use OTS, which corrects the re-written code automatically.
Just to show everyone how nasty the TDLs are, I actually witnessed it shut down the Malwarebytes pro version dead in its tracks. That’s the pro version, not the free one.
I ran into the same problems. I used Google to search for some financial information, and a search result that I clicked on installed the “XP Security 2012” pop-up virus.
I easily got rid of it, but as a result, I bought an Apple iPad 2 and now do all my searching, web browsing with it.
Screw the massively defective Windows garbage. Been surfing the web freely for over a month. And NO troubles at all.
The iPad is an absolutely amazing product!!!
Is there a good diagnostic tool for root kits?
I have only had one, and the simple solution was to reload the system.
I have used SmitFraudFix (spelling may not be right) on a really nasty bug; think it was compliments of the U.S. Gov. Made a mistake one day chasing news and wound up on a militia site, and after a few moments something shut down my system, and my anti-virus program had to neutralize it each time I rebooted. Used every tool in my tool kit and nothing worked; one of our IT guys told me about that tool and it worked. It is a totally command line tool for really nasty stuff.
not a Mac thing but thought this might be of interest to you, because, well, it’s not a Mac thing.
I’m on the Avast forums as an “evangelist”, who rids your PC of rootkits and malware, but I won’t tell you which one, to avoid the trolls.
The best tools are the free ones, and it’s not which ones you use but understanding how they work. For basics, your AV will not protect you 100%. The top 3 tools you should have are Malwarebytes (free, but I prefer the pro), GMER and Combofix. GMER used to scan then fix the rootkit and malware, but the “fix” part sucks nowadays, so Combofix does the trick.
For the TDL hard cases, DDS does the trick, and WHEN the TDLs really get wild and re-write the MS Windows registry and open a backdoor for future invasions, which it does, OTS corrects the registry for you.
It’s nice to know that in the past years I’ve done this, I have never given up on a PC and told my clients to re-boot the system to the original factory settings. There is ALWAYS a way to save your files from the hard drive, and all that work should always be saved.
I forgot to mention Combofix in my post above. I agree it is a great tool also.
So have I. Fortunately the worst incident happened when I was using my Linux box. Even then it took several tries to get out of it.
I'm getting to the point where I will be pretty restrictive where I go with my Win 7 machine, since it is essential it stays clean. Do my surfing on my laptop under Ubuntu.
The same dudes who created Combofix were originally from Norton, and they were pissed at how weak Norton really was. Some of them even created one of the best, not-known AVs, which uses cloud technology: Prevx. They have a cult following.
The other utilities look interesting as well.
Thanks for the ping.
Norton is not only junk, but very difficult junk to get rid of.
Several years ago when I had problems with it, I uninstalled it, and the uninstall corrupted Corel Draw (which is essential to my work) so that it would not run. It deleted a certain file. After extensive research I found A) which file, and then a copy of the file, thankfully, and B) that an awful lot of other Corel users had also gotten shafted and couldn’t load Corel.
Half a day’s work in the toilet. Then I contacted online Norton support and forced them to connect me with a supervisor (yep, India). When I pointed out that Norton was making Corel inoperative for a LARGE number of people, he gave me the BS that Norton doesn’t support other apps (especially the ones that they corrupt). Well, we went round and round, and the SOB hung up on me.
Anyone that wants to really get rid of Norton better be able to manually edit the registry. That’s what I had to do.
The botnet, known as TDL, targets Windows PCs
I am not sufficiently technically oriented to edit the registry. I don’t know what to look for or how to even get there.