Kaspersky: Massive botnet is 'practically indestructible'

By Matthew · 38 replies
Jun 30, 2011
  1. Kaspersky security researchers have sounded the alarm over a new botnet that is said to be virtually "indestructible." Known as TDL-4 -- the fourth generation of 2008's TDL botnet/malware --…

  2. gwailo247

    gwailo247 TechSpot Chancellor Posts: 2,010   +18

    Today is a day full of synergies...

    The cell phone began to ring. The sound of <Insert Top 40 rap song> filled the spacious interior of the Mercedes G55 AMG. The driver rolled his eyes.
    The young man in the back seat pulled the iPhone 6 out of his leather jacket, and saw a blocked number. He took the call.
    "Ivan Kaspersky."
    "Ivan. You remember me?"
    His mind raced back to the kidnapping. He will remember that voice for the rest of his life.
    "Good. Activate the TDL-4 botnet."
    He knew what would happen if he didn't.
    The call ended.
    The young man looked into the rear view mirror and met the driver's gaze.
    "Turn around, back to headquarters."

    At the other end of the line, an old man put the phone down on an oak desk.
    "It is done."
    The large leather chair on the other side of the desk turned to face him, and sitting in it was the smiling Natalya Kaspersky.

    Kaspersky II: Rise of the Botnet. Coming 2012.
  3. superty12

    superty12 TS Enthusiast Posts: 413

    How to stop: Install a bootloader. Why it works: Installs over virus. System Restore from Safe Mode and it is not there. Indestructible? No.
  4. @superty12 It's not indestructible in that way. They are saying it's difficult to shut down because of its P2P network.
  5. If it's infecting the MBR, it should be no problem for SOME XP users to bulletproof their systems.

    It's a rather simple process to bulletproof your master boot record (MBR) in Windows XP. All it requires is a floppy drive, and the ability to boot to it.

    What you have to do is copy boot.ini, NTDETECT.COM, and ntldr from your hard drive to the floppy, and open the write protect tab. Then set your machine to boot off the floppy first. Another copy of your floppy can sometimes be used to boot other infected machines for cleaning.

    There is no way to get around a floppy's write protection with software, or firmware.

    More detailed info on how to actually make the floppy can be found on this page: http://www.spambotsecurity.com/maintenance.php
  6. Indestructible is a bit of a strong word here. Keep in mind that Kaspersky Lab may want to spread panic in order to sell their products.
  7. Kaspersky had a virus on their own website a while back... how good of an antivirus is that?
  8. Puiu

    Puiu TS Evangelist Posts: 2,673   +1,106

  9. Lokalaskurar

    Lokalaskurar TS Enthusiast Posts: 544

    @Guest on July 1, 2011, 2:27 AM
    Ey, that sounded like a pretty clever idea. Might try it, can't destroy the PC or anything anyway. Hopefully it'll work with 720k floppies as well, I presume.
  10. Here's a Microsoft blog on the malware and how to remove it.

  11. freythman

    freythman TS Booster Posts: 113   +10

  12. @Lokalaskurar

    I don't know why 720K shouldn't work. I am showing just under 300K used on this 1.44.

    Heck, if you really want funny looks from people, dig way deep in the junk box and mount a 5.25 320K floppy and boot off that.

    Zap :)
  13. Get a Mac, end of problem. Have fun with the indestructible botnet; it's just a bunch of media hype to sell more antivirus, all part of the market scam called Windows... Is the world really coming to an end??? Is the sky falling?
  14. Sure, we can all get Macs. Once enough people have Macs, then the ones making the viruses and malware will start writing bugs for Macs and we will all realize too late that the Mac has almost no real protection from viruses. Its only protection right now is that nobody cares to write viruses for its platform.
  15. I would if I did not mind being controlled by Apple (and could afford it).
  16. You could do the same with a usb...
  17. Lokalaskurar

    Lokalaskurar TS Enthusiast Posts: 544

    Yeah, I referred to a 720k flippy-floppy :) - Ever seen one mounted next to a BD-ROM? Great for starting conversations ;)
  18. SNGX1275

    SNGX1275 TS Forces Special Posts: 10,742   +422

    That would be pretty cool. Wonder how many still work though, I would think age would have taken its toll on the media.

    I'd have to go the 5.25" route anyway, my floppy opening on my case is filled with one of those 348761 in 1 card readers (well ok, maybe it doesn't read that many types of cards :) ).
  19. @Guest Sorry dude. The brainiacs have run your theory through and through and it just doesn't stack up to the facts. The OSX platform has been increasing for a while now, but the number of viruses for OSX has not increased. The installed base of users and computers grows and the number of viruses for OSX does not. All of these Macs out there, all of these unprotected systems ripe for the bot handler to seize control of and use to make some $$, and yet no one is infecting these computers. It would be a gold rush for these bot handlers to break into the OSX platform and seize control of all of these computers, and they haven't done it. It's not because they don't want to or because the Windows computers are easier or larger; it is because they can't break into them and infect them. This has and will remain true about the Mac OS. It has to do with what the OS is built on, and it's not built on Microsoft Windows. We shouldn't even have viruses and the malware problem that we have. That's a Microsoft creation and rests on their shoulders for not scrapping their OS and building it again the right way, with security in mind. It amazes me that so many companies that are so concerned about information security choose to run their business on the Windows platform.
  20. Lokalaskurar

    Lokalaskurar TS Enthusiast Posts: 544

    Well if there is a way to avoid the 'indestructible virus', I'll take it if necessary. Even if I have to dust off a floppy. (Or a flashdrive, as pointed out).

    We're already coming up with ideas on how to stop it, and we're not even part of the 'brainiacs'. I'm with the confident guy at the end of the article.

    @SNGX1275: Fact, showed a 720k floppy in class, not even the teacher knew what it was. Not blaming him though, the medium is older than him. Personally have two units, only one works - just had to try it, ended up next to the BD-ROM, indescribable I guess...
  21. red1776

    red1776 Omnipotent Ruler of the Universe Posts: 5,224   +164

    "I was on the edge of my seat!"

    "I could not put it down!"

    "Suspenseful and terrifying!"

    "Gwailo captures the essence of fear with every page!"

    "***** Five stars!"
  22. And what if we already have a Boot Loader installed? You think that would take up enough necessary room to keep TDL from installing?
  23. superty12

    superty12 TS Enthusiast Posts: 413

    I think it will install over the bootloader. You have to counter with a reinstall.
  24. Lokalaskurar

    Lokalaskurar TS Enthusiast Posts: 544

    It will probably just overwrite the existing bootloader, or replace the necessary files. Think this scenario: if a bootloader would stop it, then why is it dangerous? Every machine needs a bootloader to operate, so every machine it infects already has one.
  25. Why not use a USB "disk" with a physical write protect switch?