June 30, 2011
“Sorry, but the TDL botnet is not ‘indestructible’”
By Roger Grimes
http://www.infoworld.com/t/malware/sorry-the-tdl-botnet-not-indestructible-737
“Malware and alarmism over its proliferation are nothing new — and the latest boot-sector rootkit will be cured soon enough”
“The sophistication of the TDL rootkit and the global expanse of its botnet have many observers worried about the antimalware industry’s ability to respond. Clearly, the TDL malware family is designed to be difficult to detect and remove. Several respected security researchers have gone so far as to say that the TDL botnet, composed of millions of TDL-infected PCs, is ‘practically indestructible.’”
“As a 24-year veteran of the malware wars, I can safely tell you that no threat has appeared that the antimalware industry and OS vendors did not successfully respond to. It may take months or years to kill off something, but eventually the good guys get it right.”
.....
The black hats are no more talented than the white hats. What can be made can be destroyed.
> June 30, 2011
> Sorry, but the TDL botnet is not indestructible
Correct. Just like that MS wackadoo who announced that the Alureon rootkit is also indestructible, I laugh at these “experts” who scare Win users.
Of course, what do I know. I used to consult for Kaspersky and Norton. TDL4 is the nastiest MFer on the planet, and every malware and rootkit guy I know has seen it do damage. The Alureon class 1-4 I detected on other clients’ laptops, and it was fairly easy but time consuming to clean. The TDL botnets and rootkits re-write the registry on occasion, so you have to use instinct by utilizing a registry cleaner, and if that annoys you, use OTS, which corrects the re-written code automatically.
Just to show everyone how nasty the TDLs are, I actually witnessed one shut down the Malwarebytes Pro version dead in its tracks. That’s the Pro version, not the free one.