Posted on 06/30/2011 6:54:05 AM PDT by decimon
More than four million PCs have been enrolled in a botnet security experts say is almost 'indestructible'
The botnet, known as TDL, targets Windows PCs and tries hard to avoid detection and even harder to shut down.
Code that hijacks a PC hides in places security software rarely looks and the botnet is controlled using custom-made encryption.
Security researchers said recent botnet shutdowns had made TDL's controllers harden it against investigation.
The 4.5 million PCs have become victims over the last three months following the appearance of the fourth version of the TDL virus.
The changes introduced in TDL-4 made it the "most sophisticated threat today," wrote Kaspersky Labs security researchers Sergey Golovanov and Igor Soumenkov in a detailed analysis of the virus.
"The owners of TDL are essentially trying to create an 'indestructible' botnet that is protected against attacks, competitors, and anti-virus companies," wrote the researchers.
(Excerpt) Read more at bbc.co.uk ...
I agree, Norton is one of the most obnoxious pieces of malware I’ve had the misfortune to deal with. Worse than any virus in terms of its actual impact on me.
They also fall for those phishing exploits that tell you there’s something wrong with your PC, click here.
>June 30, 2011
Sorry, but the TDL botnet is not indestructible <
Correct. Just like that MS wackadoo who announced that the Alureon rootkit is also indestructible, I laugh at these “experts” who scare Win users.
Of course what do I know. I used to consult for Kaspersky and Norton. The TDL4 is the nastiest MFer on the planet and every malware and rootkit guy I know has seen it do damage. The Alureon class 1-4 I detected on other clients’ laptops and it was fairly easy but time consuming to clean. The TDL botnets and rootkits re-write the registry on occasion, so you have to use instinct by utilizing a registry cleaner, and if that annoys you, use OTS which corrects the re-written code automatically.
Just to show everyone how nasty the TDL’s are, I actually witnessed it shut down the Malwarebytes pro version dead in its tracks. That’s the pro version, not the free one.
I ran into the same problems. I used Google to search for some financial information, and a search result that I clicked on installed the “XP Security 2012” pop-up virus.
I easily got rid of it, but as a result, I bought an Apple iPad 2 and now do all my searching and web browsing with it.
Screw the massively defective Windows garbage. Been surfing the web freely for over a month. And NO troubles at all.
The iPad is an absolutely amazing product!!!
Is there a good diagnostic tool for root kits?
I have only had one, and the simple solution was to reload the system.
I have used SchmidtFraudFix (spelling may not be right) on a really nasty bug, think it was compliments of the U.S. Gov. Made a mistake one day chasing news and wound up on a militia site, and after a few moments something shut down my system and my anti-virus program had to neutralize it each time I rebooted. Used every tool in my tool kit and nothing worked; one of our IT guys told me about that tool and it worked. It is a purely command-line tool for really nasty stuff.
not a Mac thing but thought this might be of interest to you, because, well, it’s not a Mac thing.
I’m on the Avast forums as an “evangelist”, who rids your PC of rootkits and malware, but I won’t tell you which one to avoid the trolls.
The best tools are the free ones, and it’s not which ones you use but understanding how they work. For basics, your AV will not protect you 100%. The top 3 tools you should have are Malwarebytes (free, but I prefer the pro), GMER and Combofix. GMER used to scan then fix the rootkit and malware but the “fix” part sucks nowadays, so Combofix does the trick.
For the TDL hard cases, DDS does the trick, and WHEN the TDL’s really get wild and re-write the MS Windows registry and open a backdoor for future invasions, which it does, OTS corrects the registry for you.
It’s nice to know that in the past years I’ve done this, I have never given up on a PC and told my clients to re-boot the system to the orig. factory settings. There is ALWAYS a way to save your files from the hard drive and all that work should always be saved.
I forgot to mention Combofix in my post above. I agree it is a great tool also.
So have I. Fortunately the worst incident happened when I was using my Linux box. Even then it took several tries to get out of it.
I'm getting to the point where I will be pretty restrictive where I go with my Win 7 machine, since it is essential it stays clean. Do my surfing on my laptop under Ubuntu.
The same dudes who created Combofix were originally from Norton and they were pissed how weak Norton really was. Some of them even created one of the best, not-well-known AV’s which uses cloud technology: Prevx. They have a cult following.
The other utilities look interesting as well.
Thanks for the ping.
Norton is not only junk, but very difficult junk to get rid of.
Several years ago when I had problems with it, I uninstalled it and the uninstall corrupted Corel Draw (which is essential to my work) so that it would not run. It deleted a certain file. After extensive research I found A) which file, and then a copy of the file, thankfully, and B) that an awful lot of other Corel users had also gotten shafted and couldn’t load Corel.
Half a day’s work in the toilet. Then I contacted Norton’s online support and forced them to connect me with a supervisor (yep, India). When I pointed out that Norton was making Corel inoperative for a LARGE number of people, he gave me the BS that Norton doesn’t support other apps (especially the ones that they corrupt). Well, we went round and round and the SOB hung up on me.
Anyone that wants to really get rid of Norton better be able to manually edit the registry. That’s what I had to do.
The botnet, known as TDL, targets Windows PCs
I am not sufficiently technically oriented to edit the registry. I don’t know what to look for or how to even get there.