Stormy seas ahead in fight against botnets like TDL-4
July 1, 2011 — By Paul Mah
The fight against botnets looks set to get tougher, judging from recent research from Kaspersky Lab on the TDL-4 malware. If you haven't seen it in the news yet, you may want to read more about how the TDL-4 botnet is "practically indestructible."
In a nutshell, TDL-4 is an advanced piece of bot malware built to avoid detection and stay firmly lodged on an infected PC. Its strategies include encrypting its command-and-control traffic and carrying it over HTTPS, so that network inspection sees only opaque encrypted sessions rather than readable bot commands, and removing competing malware from the machine so that the bot keeps working undisturbed and the victim has no obvious reason to suspect anything. And to keep the botnet reachable even after an aggressive take-down of its command and control servers, like the one Microsoft pulled off against Rustock earlier this year, TDL-4 adds a backup communications channel that uses a public peer-to-peer network (Kaspersky reports it is the Kad file-sharing network) to locate and reconnect to its command and control infrastructure. The practical consequence for defenders is that seizing the C&C domains alone is not enough; a take-down also has to deal with the peer-to-peer fallback, or the bots simply find their way back.