A pair of security researchers are warning about a new botnet that they say is "practically indestructible" and "the most sophisticated threat today." The botnet Trojan, which has been dubbed TDL-4, is a new strain of the TDSS malware. PCMag.com quotes one of the researchers, Sergey Golovanov, as explaining:
TDSS contains code to remove approximately 20 malicious programs, including Gbot, ZeuS, Clishmic, Optima, etc. TDSS scans the registry, searches for specific file names, blacklists the addresses of the command and control centers of other botnets and prevents victim machines from contacting them.
This new strain comes equipped with an "anti-virus" to prevent other bot-creating viruses from taking it over, which Golovanov says
... fights cybercrime competition, while on the other hand it protect[s] TDSS and associated malware against undesirable interactions that could be caused by other malware on the infected machine.
According to Computerworld, TDL-4's makers developed their own encryption algorithm and use the domain names of the command and control servers as the encryption keys. It also uses a peer-to-peer network as one of its two channels for communicating between infected PCs and the C&C servers. Roel Schouwenberg, senior malware researcher at Kaspersky, says:
Any attempt to take down the regular C&Cs can effectively be circumvented by the TDL group by updating the list of C&Cs through the P2P network ... The fact that TDL has two separate channels for communications will make any take-down very, very tough.
Digital Trends notes that the massive botnet, which targets Windows PCs, has so far enslaved more than 4.5 million machines in just the first three months of 2011.