New Botnet Is “Practically Indestructible”
Researchers working for antivirus firm Kaspersky Lab have discovered a new botnet so cleverly constructed that it has been dubbed “practically indestructible.”

Before you start harrumphing and reminiscing about the old days when tech geeks couldn’t even define “hyperbole,” much less spout the stuff like the biggest geyser ever, hear them out. This thing is just devious.

Dubbed “TDL-4” — they’ve got hyperbole down, and that’s the best name they could come up with? — the new botnet is reportedly already infecting 4.5 million Windows PCs worldwide. The botnet’s owners use public peer-to-peer filesharing networks to transmit information to the system, and all such transmissions are encrypted with a custom algorithm.

The really insidious bit is what the TDL-4 code (it calls itself “Top Bot”) does once it gets into your computer. Instead of installing itself to C: like any respectable program, the code takes root in the computer’s boot record. That screen that shows up before Windows actually loads? In essence, that’s where Top Bot lives. This makes it nearly undetectable by the vast majority of antivirus software, and since it activates prior to Windows even coming online, Microsoft’s flagship operating system has no power over it.

This also means that formatting your computer, a process that restores every Windows component to its most basic state, has no effect on Top Bot.
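Because the boot record is the one place the article says conventional antivirus scanning and reinstalling Windows do not reach, the practical defensive check is to compare the disk’s first sector against a copy recorded when the machine was known to be clean. The script below is an added example written for this page, not code from the article or from Kaspersky Lab: it parses a 512-byte MBR image (boot code, four partition entries, the 0x55AA signature), hashes the boot-code region, and reports any drift from a trusted baseline. The two sector images and the baseline hash are constructed inline for illustration; the layout offsets are the standard MBR layout.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_SIZE = 446          # bytes 0..445 hold the boot code the BIOS executes
PARTITION_TABLE_OFFSET = 446  # four 16-byte partition entries follow
SIGNATURE_OFFSET = 510        # last two bytes must be 0x55 0xAA


def parse_partition_entry(entry: bytes) -> dict:
    """Decode one 16-byte MBR partition entry (standard layout)."""
    status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
        "<B3sB3sII", entry
    )
    return {"status": status, "type": ptype, "lba_start": lba_start, "sectors": sectors}


def parse_mbr(image: bytes) -> dict:
    """Split a 512-byte sector image into boot-code hash, partition table and signature check."""
    if len(image) != MBR_SIZE:
        raise ValueError("MBR image must be exactly 512 bytes")
    partitions = [
        parse_partition_entry(
            image[PARTITION_TABLE_OFFSET + 16 * i:PARTITION_TABLE_OFFSET + 16 * (i + 1)]
        )
        for i in range(4)
    ]
    return {
        "boot_code_sha256": hashlib.sha256(image[:BOOT_CODE_SIZE]).hexdigest(),
        "signature_ok": image[SIGNATURE_OFFSET:] == b"\x55\xaa",
        "partitions": partitions,
    }


def check_against_baseline(image: bytes, baseline_boot_code_sha256: str) -> list:
    """Return a list of findings; an empty list means the sector matches the trusted baseline."""
    info = parse_mbr(image)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != baseline_boot_code_sha256:
        findings.append("boot code differs from trusted baseline")
    for i, p in enumerate(info["partitions"]):
        # A status byte other than 0x00 (inactive) or 0x80 (bootable) is malformed.
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {i}: invalid status byte 0x{p['status']:02x}")
    return findings


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Construct a sample MBR image for this example (not a real disk sector)."""
    boot_code = boot_code.ljust(BOOT_CODE_SIZE, b"\x00")
    # One bootable NTFS-type (0x07) partition starting at LBA 2048, CHS fields zeroed.
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 1_000_000)
    table = entry + b"\x00" * 48  # remaining three entries empty
    return boot_code + table + b"\x55\xaa"


# Constructed samples: a "known-good" sector and one whose boot code was overwritten.
CLEAN_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb")
TAMPERED_MBR = build_sample_mbr(b"\xeb\x58\x90" + b"\x41" * 64)
BASELINE_HASH = parse_mbr(CLEAN_MBR)["boot_code_sha256"]  # recorded while the machine was trusted

if __name__ == "__main__":
    for name, img in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(name, check_against_baseline(img, BASELINE_HASH) or "OK")
```

On a real machine the 512 bytes come from the first sector of the boot disk (`\\.\PhysicalDrive0` on Windows, `/dev/sda` on Linux) and need administrative rights to read; take the reading from a clean boot medium rather than the running OS, since code that loads before Windows can hide or rewrite what the live system sees in that sector, which is exactly why the article calls it nearly undetectable from inside Windows.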

Not content to simply make your computer a slave to its illicit masters, Top Bot also goes after other malware. The logic, New Scientist points out, is that a user might notice if a half dozen viruses were bogging their computer down. That’s attention that Top Bot doesn’t want to attract, so it’s programmed to reroute the outgoing communications of 20 common malware programs, effectively rendering them inert.

As with the vast majority of these sorts of botnets, researchers claim the system is most likely used to generate spam email and aid in a wide range of online attacks.

On the one hand, the words “nefarious” and “insidious” come to mind in regards to this thing’s ability to infect new hosts. On the other hand, I’m almost impressed by the clever technological design in place here.

I guess that’s like Bishop praising the xenomorphs in Aliens. Analytically, I can see that they’re a fascinating example of adaptive evolution, but that doesn’t do much for John Hurt’s burst ribcage.

Source: New Scientist
