Home
PortuguêsEnglish
  • strict warning: Non-static method view::load() should not be called statically in /home/iccyber/www/sites/all/modules/views/views.module on line 1118.
  • strict warning: Declaration of views_handler_field::query() should be compatible with views_handler::query($group_by = false) in /home/iccyber/www/sites/all/modules/views/handlers/views_handler_field.inc on line 1148.
  • strict warning: Declaration of content_handler_field::element_type() should be compatible with views_handler_field::element_type($none_supported = false, $default_empty = false, $inline = false) in /home/iccyber/www/sites/all/modules/cck/includes/views/handlers/content_handler_field.inc on line 229.
  • strict warning: Declaration of views_handler_sort::options_validate() should be compatible with views_handler::options_validate($form, &$form_state) in /home/iccyber/www/sites/all/modules/views/handlers/views_handler_sort.inc on line 165.
  • strict warning: Declaration of views_handler_sort::options_submit() should be compatible with views_handler::options_submit($form, &$form_state) in /home/iccyber/www/sites/all/modules/views/handlers/views_handler_sort.inc on line 165.
  • strict warning: Declaration of views_handler_sort::query() should be compatible with views_handler::query($group_by = false) in /home/iccyber/www/sites/all/modules/views/handlers/views_handler_sort.inc on line 165.
  • strict warning: Declaration of views_handler_filter::options_validate() should be compatible with views_handler::options_validate($form, &$form_state) in /home/iccyber/www/sites/all/modules/views/handlers/views_handler_filter.inc on line 599.
  • strict warning: Declaration of views_handler_filter::query() should be compatible with views_handler::query($group_by = false) in /home/iccyber/www/sites/all/modules/views/handlers/views_handler_filter.inc on line 599.
  • strict warning: Declaration of views_plugin_query::options_submit() should be compatible with views_plugin::options_submit($form, &$form_state) in /home/iccyber/www/sites/all/modules/views/plugins/views_plugin_query.inc on line 181.
  • strict warning: Declaration of views_plugin_style_default::options() should be compatible with views_object::options() in /home/iccyber/www/sites/all/modules/views/plugins/views_plugin_style_default.inc on line 24.
  • strict warning: Declaration of views_plugin_row::options_validate() should be compatible with views_plugin::options_validate(&$form, &$form_state) in /home/iccyber/www/sites/all/modules/views/plugins/views_plugin_row.inc on line 136.

New botnet enslaves millions of PCs in just three months

Enviado em 30/jun/2011 10:52

A newly-discovered botnet is 'practically indestructible', security researchers say.

TDL-4 is the rootkit component of the TDSS malware, which has been around since 2008. But in the three months since it hit the scene, it's sucked in more than four and a half million PCs around the world. About a third are based in the US.

And in this, its latest incarnation, it has the cheek to include its own version of an anti-virus capability, which scans slave machines for software that could enable it to be taken over by another botnet.

It can now delete around 20 of the world's most prolific malware packages, including Gbot, ZeuS and Optima.

It has its own encryption method for communication between infected computers and the command and control servers, and can also use a public peer-to-peer network to sending commands to control infected computers.

Kaspersky Labs has published a detailed analysis of TDL-4.

"The changes in TDL-4 affected practically all components of the malware and its activity on the web to some extent or other. The malware writers extended the program functionality, changed the algorithm used to encrypt the communication protocol between bots and the botnet command and control servers, and attempted to ensure they had access to infected computers even in cases where the botnet control centers are shut down," says Kaspersky researcher Sergey Golovanov.

"The owners of TDL are essentially trying to create an ‘indestructible’ botnet that is protected against attacks, competitors, and antivirus companies."

It's a nice little earner for some. Golovanov says that it's spread by affiliates who can earn as much as $200 for every 1,000 installations.

"we have reason to believe that TDSS will continue to evolve," he says.

"The fact that TDL-4 code shows active development — a rootkit for 64-bit systems, the malware running prior to operating system start launches, the use of exploits from Stuxnet’s arsenal, P2P technology, its own ‘antivirus’ and a lot more — place TDSS firmly in the ranks of the most technologically sophisticated, and most complex to analyze, malware."

Fonte: Emma Woollacott - TG Daily

Design: Fábrica de Criação • Copyright © 2013: ABCF e APCF