
'Indestructible' malware infects 4.5m with Stuxnet efficiency
The TDSS malware, its fourth incarnation dubbed TDL-4, dodged signature, heuristic, and proactive anti-virus detection, used a sophisticated rootkit, and encrypted communication between infected bots and its command and control centre.
Rootkit to operate on 64-bit systems
Its Russian-based creators are believed to be upgrading TDL-4 with a rootkit to operate on 64-bit systems, peer-to-peer networking, an inbuilt "antivirus", MBR infection capability to run at system boot, and exploits used by Stuxnet.
The latest version also contained revamped encryption. It had replaced the RC4 algorithm with custom-built code that used XOR swaps and a bash parameter identifier to encrypt communication between infected bots and command and control servers.
The botnet will run smoothly
This "ensures that the botnet will run smoothly, while protecting infected computers from network traffic analysis, and blocking attempts of other cyber criminals to take control of the botnet", researchers said.
Infected machines talk over a private channel in the Kad peer-to-peer network; however, the botnet keeps a handful of infected machines in the public space as redundancy against attempts to hijack it.
