Tuesday, July 5, 2011

'Indestructible' TDL-4 Botnet Controls 4.5M Windows PCs (NewsFactor)

A researcher at security software firm Kaspersky Lab has uncovered a sophisticated botnet that already controls more than 4.5 million Windows-based PCs around the world, with nearly one-third of the infected machines located in the United States. Moreover, there is reason to believe that the latest strain of TDSS identified this week -- which commands the infected PCs to download and run additional malware -- will be able to evolve over time.


According to Kaspersky researcher Sergey Golovanov, the new TDSS strain is the most sophisticated cybersecurity threat facing PC users today. It is even designed to delete other malicious programs not associated with the TDSS botnet, both to eliminate the competition and to help ensure that PC users remain unaware that their machines are infected.


The malicious software uses a range of methods to evade detection, and employs encryption to facilitate communication between its bots and the botnet command-and-control center, Golovanov wrote in a Securelist posting. "TDSS also has a powerful rootkit component, which allows it to conceal the presence of any other types of malware in the system," he added.



The Law-Enforcement Challenge


Like other botnet malware, TDL-4 turns each compromised PC into a "bot" that carries out automated tasks on command. Once infected, the PC becomes a "zombie" machine under the control of TDL-4's criminal operators. "Since the beginning of this year, the botnet has installed nearly 30 additional malicious programs, including fake antivirus programs, adware and the Pushdo spambot," Golovanov explained.


Now that the number of infected machines has reached critical mass, the cyberthieves running the botnet can also conduct a wide range of coordinated malicious activities, such as sending spam or launching denial-of-service attacks against selected web sites.


Earlier this year, the FBI seized the command-and-control servers of the Coreflood botnet, which had infected as many as two million computers with a key-logging program that let cybercriminals steal personal and financial information by recording users' keystrokes. The FBI and its international law-enforcement partners will find it far more challenging to shut down the TDL-4 botnet, however.


According to Golovanov, the creators of TDL-4 have added countermeasures to ensure they continue to have access to infected computers even if their primary botnet control centers are shut down. "The owners of TDL are essentially trying to create an 'indestructible' botnet that is protected against attacks, competitors and antivirus companies," Golovanov noted.



The Best Protection


To protect themselves, PC users should run a full security software suite that receives automatic updates, and should avoid the kinds of web sites where infection is most likely to take place.


Golovanov noted that TDL-4's owners are paying their online affiliates to infect Windows-based machines visiting web sites hosting adult and bootleg multimedia content or offering online video- and file-storage services. "Going on the prices quoted by affiliate programs, this number of infected computers in the U.S. is worth $250,000 -- a sum which presumably made its way to the creators of TDSS," Golovanov observed.


Symantec advises PC users to raise their browser security settings and to ensure that their PC has the most current Microsoft Windows Update patches installed. What's more, PC users should never open an e-mail attachment unless they have verified that it came from a trusted source.
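The following PowerShell script is an added example, not code from the NewsFactor article, Kaspersky or Symantec. It turns the advice in the last two paragraphs (security software that updates automatically, current Windows Update patches, a stricter browser security level) into a check an administrator can run on a Windows client. It assumes an elevated Windows PowerShell session on a client SKU (Vista or later), where the root\SecurityCenter2 WMI namespace exists; the decoding of the AntiVirusProduct productState field is the widely used but officially undocumented interpretation, and the 30-day patch-age threshold and the Medium-High Internet-zone floor are the author's chosen thresholds, not values from the article.

```powershell
# Added example (not from the article, Kaspersky or Symantec): a basic hygiene
# check for the recommendations above. Assumes an elevated session on a
# Windows client SKU with the root\SecurityCenter2 namespace; the productState
# decoding is the common but officially undocumented interpretation.

function Test-BasicHygiene {
    $findings = @()

    # 1. Antivirus registered with Security Center, enabled, with current definitions.
    $avProducts = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct -ErrorAction SilentlyContinue
    if (-not $avProducts) {
        $findings += 'FAIL antivirus: no product registered with Security Center'
    } else {
        foreach ($p in @($avProducts)) {
            $state   = [int]$p.productState
            $enabled = (($state -band 0xFF00) -eq 0x1000)   # middle byte 0x10 = real-time protection on
            $defsOk  = (($state -band 0xFF)   -eq 0x00)     # low byte 0x00 = definitions up to date
            $verdict = if ($enabled -and $defsOk) { 'PASS' } else { 'FAIL' }
            $findings += "$verdict antivirus: $($p.displayName) enabled=$enabled definitionsCurrent=$defsOk"
        }
    }

    # 2. Windows Update service not disabled, and most recent hotfix no older than 30 days (chosen threshold).
    $wu = Get-WmiObject -Class Win32_Service -Filter "Name='wuauserv'" -ErrorAction SilentlyContinue
    if (-not $wu -or $wu.StartMode -eq 'Disabled') {
        $findings += 'FAIL windows update: wuauserv service missing or disabled'
    } else {
        $findings += "PASS windows update: wuauserv start mode $($wu.StartMode)"
    }
    $latest = Get-HotFix | Where-Object { $_.InstalledOn } |
              Sort-Object -Property InstalledOn -Descending | Select-Object -First 1
    if (-not $latest) {
        $findings += 'FAIL patching: no hotfix with an install date found'
    } else {
        $age     = (Get-Date) - $latest.InstalledOn
        $verdict = if ($age.TotalDays -le 30) { 'PASS' } else { 'FAIL' }
        $findings += "$verdict patching: latest hotfix $($latest.HotFixID) installed $([int]$age.TotalDays) days ago"
    }

    # 3. Automatic Updates setting (AUOptions 4 = download and install automatically).
    # A domain policy under HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU overrides this; not checked here.
    $au = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update' -ErrorAction SilentlyContinue
    if ($au -and $au.AUOptions -eq 4) {
        $findings += 'PASS auto update: AUOptions=4 (install automatically)'
    } else {
        $findings += "WARN auto update: AUOptions=$($au.AUOptions) (expected 4; value may be absent on newer Windows)"
    }

    # 4. Internet Explorer Internet zone (zone 3) level: 0x11500 = Medium-High, 0x12000 = High.
    $zone = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' -ErrorAction SilentlyContinue
    if ($zone -and $zone.CurrentLevel -ge 0x11500) {
        $findings += ('PASS browser: IE Internet zone level 0x{0:X}' -f $zone.CurrentLevel)
    } else {
        $findings += ('FAIL browser: IE Internet zone level 0x{0:X} is below Medium-High' -f [int]$zone.CurrentLevel)
    }

    return $findings
}

Test-BasicHygiene | ForEach-Object { Write-Output $_ }
```

Each line of the output starts with PASS, FAIL or WARN so the script can be run from a login script or management tool and its output grepped. The script only reports on the settings the article names; it does not attempt to detect TDL-4 itself, and a machine that passes every check can still be infected.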
