<!--[if gte mso 9]><xml> <w:WordDocument> <w:View>Normal</w:View> <w:Zoom>0</w:Zoom> <w
unctuationKerning/> <w:ValidateAgainstSchemas/> <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid> <w:IgnoreMixedContent>false</w:IgnoreMixedContent> <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText> <w:Compatibility> <w:BreakWrappedTables/> <w:SnapToGridInCell/> <w:WrapTextWithPunct/> <w:UseAsianBreakRules/> <wontGrowAutofit/> </w:Compatibility> <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel> </w:WordDocument> </xml><![endif]--><!--[if gte mso 9]><xml> <w:LatentStyles DefLockedState="false" LatentStyleCount="156"> </w:LatentStyles> </xml><![endif]--><!--[if gte mso 10]> <style> /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:10.0pt; font-family:"Times New Roman"; mso-ansi-language:#0400; mso-fareast-language:#0400; mso-bidi-language:#0400;} </style> <![endif]-->
June 29, Computerworld – (International) Massive botnet 'indestructible,' say researchers. A new and improved botnet that has infected more than 4 million PCs is "practically indestructible," security researchers said. "TDL-4," the name for both the bot trojan that infects machines and the ensuing collection of compromised computers, is "the most sophisticated threat today," said a Kaspersky Labs researcher in a detailed analysis June 27. The director of malware research at Dell SecureWorks and an internationally-known botnet expert agreed during an interview June 29. The researchers based their judgments on a variety of TDL-4's traits, all which make it an extremely tough character to detect, delete, suppress, or eradicate. The Kapersky Lab researcher said TDL-4 infects the master boot record (MBR) of the PC with a rootkit — malware that hides by subverting the operating system. The master boot record is the first sector — sector 0 — of the hard drive, where code is stored to bootstrap the operating system after the computer's BIOS does its start-up checks. Because TDL-4 installs its rootkit on the MBR, it is invisible to both the operating system, and more importantly, security software designed to sniff out malicious code. What makes the botnet indestructible is the combination of its advanced encryption and the use of a public peer-to-peer (P2P) network for the instructions issued to the malware by command-and-control (C&C) servers.
Source: http://www.computerworld.com/s/article/9218034/Massive_botnet_indestructible_say_researchers
unctuationKerning/> <w:ValidateAgainstSchemas/> <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid> <w:IgnoreMixedContent>false</w:IgnoreMixedContent> <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText> <w:Compatibility> <w:BreakWrappedTables/> <w:SnapToGridInCell/> <w:WrapTextWithPunct/> <w:UseAsianBreakRules/> <wontGrowAutofit/> </w:Compatibility> <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel> </w:WordDocument> </xml><![endif]--><!--[if gte mso 9]><xml> <w:LatentStyles DefLockedState="false" LatentStyleCount="156"> </w:LatentStyles> </xml><![endif]--><!--[if gte mso 10]> <style> /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:10.0pt; font-family:"Times New Roman"; mso-ansi-language:#0400; mso-fareast-language:#0400; mso-bidi-language:#0400;} </style> <![endif]--> NEW MASSIVE BOTNET 'INDESTRUCTIBLE”
June 29, Computerworld – (International) Massive botnet 'indestructible,' say researchers. A new and improved botnet that has infected more than 4 million PCs is "practically indestructible," security researchers said. "TDL-4," the name for both the bot trojan that infects machines and the ensuing collection of compromised computers, is "the most sophisticated threat today," said a Kaspersky Labs researcher in a detailed analysis June 27. The director of malware research at Dell SecureWorks and an internationally-known botnet expert agreed during an interview June 29. The researchers based their judgments on a variety of TDL-4's traits, all which make it an extremely tough character to detect, delete, suppress, or eradicate. The Kapersky Lab researcher said TDL-4 infects the master boot record (MBR) of the PC with a rootkit — malware that hides by subverting the operating system. The master boot record is the first sector — sector 0 — of the hard drive, where code is stored to bootstrap the operating system after the computer's BIOS does its start-up checks. Because TDL-4 installs its rootkit on the MBR, it is invisible to both the operating system, and more importantly, security software designed to sniff out malicious code. What makes the botnet indestructible is the combination of its advanced encryption and the use of a public peer-to-peer (P2P) network for the instructions issued to the malware by command-and-control (C&C) servers.
Source: http://www.computerworld.com/s/article/9218034/Massive_botnet_indestructible_say_researchers