Researchers at Kaspersky Labs have discovered an ‘indestructible’ botnet controlling more than 4.5m computers, five percent of them in the UK, which presents “the most sophisticated threat today”.
The researchers say the TDL-4 malware which constructs the botnet, also known as TDSS, hides itself in places rarely scanned by antivirus software and protects itself with its own brand of AV. It can also fall back on a public P2P network, so it does not depend on a central command server.
The botnet borrows some exploits from the Stuxnet virus and receives commands via a public P2P network, which removes the need for command servers and makes it even harder to track down those controlling it.
“The owners of TDL are essentially trying to create an ‘indestructible’ botnet that is protected against attacks, competitors, and antivirus companies,” wrote Kaspersky Labs security researchers Sergey Golovanov and Igor Soumenkov in their detailed analysis of the virus.
“The botnet, with more than 4.5 million infected computers, is used by cybercriminals to manipulate adware and search engines, provide anonymous Internet access, and acts as a launch pad for other malware.”
The virus is spread via affiliate websites that, according to Golovanov and Soumenkov, receive $20-200 (£12-125) per 1000 installations depending on the location of the computer. It has been found in porn websites, movie pirating sites and video and image storage sites.
Based on the prices quoted by affiliates, the Kaspersky researchers estimate that the infected computers in the US – 28 percent of the total discovered so far – are worth $250,000 (£156,000), “a sum which presumably made its way to the creators of TDSS”.
Establishing proxy servers on infected computers has also allowed anonymous internet access for the botnet’s controller, a service Golovanov and Soumenkov said the criminals have offered for $100 (£60) per month.
Those responsible have even developed a Firefox add-on for toggling between proxy servers within the browser.
As with previous versions of the virus, it also includes modules for search engine result substitution and fake clicking, they said.
The researchers were able to locate three MySQL databases in Moldova, Lithuania and the US, which revealed the extent of infection: more than 4.5m infections in the first three months of 2011.
Golovanov and Soumenkov concluded: “TDSS and the botnet that unites all the computers it infects will continue to cause problems for users and IT security professionals alike. The decentralized, server-less botnet is practically indestructible, as the Kido epidemic showed.”