Insecurity experts at Kaspersky Lab have dubbed TDL-4, the latest version of the TDSS malware, the most complex and sophisticated tool in the cybercriminals’ arsenal.
In a statement, the outfit said that the powerful rootkit component and other TDL capabilities allow the author to create a botnet made up of millions of personal computers. Kaspersky Lab said that the software has its own encryption method for communication between computers in the botnet and with the command and control servers. It also uses a public peer-to-peer network for sending commands to control infected computers, and adds proxy server functionality, enabling cybercriminals to sell anonymous internet access through infected computers.
Kaspersky Lab experts Sergey Golovanov and Igor Sumenkov warned that changes in TDL-4 have been aimed at building a botnet which is well hidden from competitors and anti-virus companies alike. It would also allow access to infected machines even if all the command centres were closed. TDL-4 can now delete around 20 of the most popular competing malware programs on an infected machine, including widespread programs such as Gbot, ZeuS, Optima and others, they said.