New Sophisticated Botnet Discovered

WOBURN, Mass. — Security researchers have discovered what’s being called “the most sophisticated threat” to computer security.

A Kaspersky Labs researcher found the new strain of TDSS malware, which is targeting more than 4.5 million PCs in a massive botnet. The botnet is equipped with its own anti-virus to prevent other viruses from taking over.

“The malware detected by Kaspersky Anti-Virus as TDSS is the most sophisticated threat today,” the firm reported.

A security expert said that TDSS uses a range of methods to evade signature, heuristic and proactive detection and uses encryption to facilitate communication between its bots and the botnet command and control center.

"Affiliates can use any installation method they choose. Most often, TDL is planted on adult content sites, bootleg websites, and video and file storage services. The malware writers extended the program functionality, changed the algorithm used to encrypt the communication protocol between bots and the botnet command and control servers."

Kaspersky said the botnet’s name and capabilities have changed since it first appeared in 2008 as TDL.

"The changes in TDL-4 affected practically all components of the malware and its activity on the web to some extent or other. Affiliates receive between $20 to $200 for every 1,000 installations of TDL, depending on the location of the victim computer," the security firm said.

Botnets are networks of malware-infected computers used by cybercriminals and hackers to engage in a number of activities, including delivering spam, launching distributed denial-of-service attacks, manipulating search results and stealing sensitive data.