Posted on 06/30/2011 6:54:05 AM PDT by decimon
More than four million PCs have been enrolled in a botnet security experts say is almost 'indestructible'.
The botnet, known as TDL, targets Windows PCs and tries hard to avoid detection and even harder to shut down.
Code that hijacks a PC hides in places security software rarely looks and the botnet is controlled using custom-made encryption.
Security researchers said recent botnet shutdowns had made TDL's controllers harden it against investigation.
The 4.5 million PCs have become victims over the last three months following the appearance of the fourth version of the TDL virus.
The changes introduced in TDL-4 made it the "most sophisticated threat today," wrote Kaspersky Labs security researchers Sergey Golovanov and Igor Soumenkov in a detailed analysis of the virus.
"The owners of TDL are essentially trying to create an 'indestructible' botnet that is protected against attacks, competitors, and anti-virus companies," wrote the researchers.
(Excerpt) Read more at bbc.co.uk ...
Ping
June 30, 2011
“Sorry, but the TDL botnet is not ‘indestructible’”
By Roger Grimes
http://www.infoworld.com/t/malware/sorry-the-tdl-botnet-not-indestructible-737
“Malware and alarmism over its proliferation are nothing new — and the latest boot-sector rootkit will be cured soon enough”
“The sophistication of the TDL rootkit and the global expanse of its botnet have many observers worried about the antimalware industry’s ability to respond. Clearly, the TDL malware family is designed to be difficult to detect and remove. Several respected security researchers have gone so far as to say that the TDL botnet, composed of millions of TDL-infected PCs, is ‘practically indestructible.’”
“As a 24-year veteran of the malware wars, I can safely tell you that no threat has appeared that the antimalware industry and OS vendors did not successfully respond to. It may take months or years to kill off something, but eventually the good guys get it right.”
.....
Hmm, guess I have to do my porn searching with Ubuntu ;)
Seriously, people that do porn hunting on the web have a PC death wish.
Doesn’t say if any browser provides more protection than others.
Kind of impressive in a Lex Luthor-ish way.
It seems so. Porn and pirate sites.
My wife has gotten two of those “Fake Alert” viruses and she was not surfing porn. Shopping sites.
Is this the same one that Microsoft says forget trying to get rid of it and just reinstall your OS?
I guess reinstalling your OS wouldn’t be that big of a deal, except that you have to reinstall all the updates too. Is there a way to save your updates somehow so you don’t have to download all of them again?
You can save an image of a new install after all the updates have been applied. Then you just reimage your computer if you have problems.
Sports sites and their forums seem to trigger hidden malware.
I've seen research reports that found the most common vector for malware and virus distribution wasn't porn sites, but free game sites geared toward children. They'll click on anything.
I got one searching for an instruction manual for an old piece of equipment.
The black hats are no more talented than the white hats. What can be made can be destroyed.
Microsoft doesn’t say reinstall the OS. It says restore the MBR and do Recovery. That’s not the same thing.
Does Spybot catch this?
I guess reinstalling your OS wouldn’t be that big of a deal, except that you have to reinstall all the updates too. Is there a way to save your updates somehow so you don’t have to download all of them again?
***
Buy the latest version of the OS.
I keep getting a Norton virus popup. I have long ago erased Norton from my system and anything else Symantec as well. I do not touch the popup but do shut down everything else I have running and do a virus scan using Malwarebytes. It inevitably finds one virus and eliminates it and the Norton popup disappears. That is also what happens when I get the obvious fake virus alerts. I don’t know if it is Norton or a disguise but I don’t use Norton and have to assume anything apparently from Norton is a virus. For a long time I kept getting a MSFT nagger to assent to MSFT inspecting my system and always declined and the MSFT popup would go away. Then one day it didn’t go away and my system files got corrupted. I had all legitimately purchased and licensed software but apparently MSFT got miffed because I wouldn’t give it permission to do what it does anyway. No more MSFT anything for me. So, in my experience both Norton and Microsoft are viruses.
I have Spybot, Malwarebytes, and AVG. They keep me safe from everything but MSFT. Malwarebytes seems to be most proficient at killing the "Virus Alerts."
I got hit when I went to the UK Mail from an FR post. A Microsoft tech guy walked me through a rescue. It can happen to anyone. I do now make damn sure my Security Essentials is up to date, and run a scan every day.