An almost "indestructible" botnet has infected millions of computers around the world, mostly in the United States, the BBC reported Thursday.
The malicious code known as TDL has infected 4.5 million Windows PCs in the past three months after its creators hardened its resistance to security software, researchers said.
Changes to the fourth and latest manifestation, known as TDL-4, made it the "most sophisticated threat today," wrote Kaspersky Labs security researchers Sergey Golovanov and Igor Soumenkov in an analysis of the virus.
"The owners of TDL are essentially trying to create an 'indestructible' botnet that is protected against attacks, competitors, and anti-virus companies," wrote the researchers.
Botnets infect home computers and turn them into vast networks that criminals can use remotely, typically to steal data from victims' PCs and send spam emails.
TDL hides within booby-trapped websites such as those offering porn and pirated films. It then installs itself into the Windows system files on visitors' computers via unpatched vulnerabilities in the Microsoft software.
The BBC said analysis by Symantec showed that action by security companies and law enforcement against botnets had led to spam levels dropping to about 75% of all email sent. Super viruses like TDL-4 are examples of malware designers fighting back, it said.
Of TDL's victims, 28% are in the United States but significant numbers are in India (7%) and the United Kingdom (5%). Smaller numbers, 3%, are found in France, Germany and Canada.
The researchers said the makers of TDL-4 had developed their own encryption system to foil efforts to analyze traffic between compromised computers and the botnet's handlers.
The virus also uses a public peer-to-peer network, rather than centralized command systems, to send out instructions to its drone machines, removing the need for more easily traceable command servers.
"For all intents and purposes, [TDL-4] is very tough to remove," Joe Stewart, director of malware research at Dell SecureWorks, told Computerworld.
"It's definitely one of the most sophisticated botnets out there."