The Microsoft Tax: ‘Indestructible’ botnet attacks millions of Windows PCs; Macintosh unaffected

“More than four million PCs have been enrolled in a botnet security experts say is almost ‘indestructible,’” BBC News reports.

“The botnet, known as TDL, targets Windows PCs and is difficult to detect and shut down,” The Beeb reports. “Code that hijacks a PC hides in places security software rarely looks and the botnet is controlled using custom-made encryption.”


“Security researchers said recent botnet shutdowns had made TDL’s controllers harden it against investigation,” The Beeb reports. “The 4.5 million PCs have become victims over the last three months following the appearance of the fourth version of the TDL virus. The changes introduced in TDL-4 made it the ‘most sophisticated threat today,’ wrote Kaspersky Labs security researchers Sergey Golovanov and Igor Soumenkov in a detailed analysis of the virus.”

The Beeb reports, “A botnet is a network of computers that have been infected by a virus that allows a hi-tech criminal to use them remotely. Often botnet controllers steal data from victims’ [Windows] PCs or use the machines to send out spam or carry out other attacks. The TDL virus spreads via booby-trapped websites and infects a machine by exploiting unpatched vulnerabilities.”

Read more in the full article here.

[Thanks to MacDailyNews Reader “Tony” for the heads up.]


27 Comments

    1. The only problem is that the computers will nearly all be infected again as soon as they reconnect. If I recall correctly, it takes about 30 minutes for a win PC on the net to get infected but (and I have done this lots of times) it takes nearly 4 hours to download all the code to make it as secure as a windows box can be, not that that is saying much. On the other hand, if all windows machines were reformatted to Linux or BSD, the botnet would die an instantaneous and permanent death.

      1. Which is why the IT people at my current and former job would install all the latest patches, antivirus, etc. from the LAN and not online.

        And they somehow thought this was tolerable.

  1. This kind of virus infection is inevitable for any computer platform… but only if that computer platform has “Windows” or “Android” in its name somewhere. 😉

    I’m so glad that Apple’s platforms are strong enough and prominent enough to further expose just how culpable Microsoft really is here. Hopefully, the rest of the world is waking up to the fact that this only happens to platforms whose security foundation was not designed properly. (And I have no doubt something like this will pop up on Android soon, if it hasn’t already.)

  2. “The botnet, known as TDL, targets Windows PCs…”

    This line really illustrates how times have changed.
    It wasn’t that long ago that the writer would not have bothered to identify Windows computers as only those affected by the malware.

    Heh, heh, heh.

  3. Wasn’t Kaspersky calling for Apple to open the iPhone’s walled garden a couple of weeks ago so that it would be easier to write security apps for it? As the Mac App Store gains popularity, I would believe that the Mac will get even more secure, since people will get more accustomed to installing approved software on their system.

    Believe me, I do not miss being an agent for the CDC (computer disease control) for all of my pre-Mac years. And I still get calls to help search and destroy on friends PCs. My first recommendation is now: “Get a Mac.”

    1. The best phrasing of this comment that I ever heard is:
      “Put two big handfuls of Epsom salts in the bathtub, fill it with the hottest water you can get. Then soak the PC overnight and get a Mac in the morning.” Works every time.

  4. I’m sorry, I must be under a misapprehension. I thought Windows Vista was itself a virus. I know whenever I encounter Office 2010 I always wish a virus would get rid of that awful Ribbon interface.

  5. But wait, hasn’t everyone been assuring us that Macs are just as vulnerable as Windows PCs, and that ANY MOMENT NOW we’ll all be sorry as Mac malware suddenly becomes… oh, never mind.

    1. Hey, that reminds me – whatever happened to that one Mac trojan that popped up recently? Mac Defense or something like that?

      Good thing the tech press spent so much time covering that, instead of stuff like this which can actually spread on its own, is far more serious, and affects many more people…

      1. The MAC Defender Trojan malware rat had a mini-war with Apple for a couple weeks then gave up. Apple’s XProtect software, which is part of Snow Leopard, immediately countered every new version of the Trojan with auto-updated removal signature files. At this point there have been 15 versions of MAC Defender, versions A-O, with nothing new for the past couple weeks.

        Mac-Security Blog

  6. Wait, so you can’t monitor your PC traffic and block the suspicious connections?
    Even on my Mac, using Little Snitch is indispensable. I’ve already blocked several “suspicious” programs trying to connect to the Internet.

  7. Malware sucks and I feel for anyone who has to deal with it.

    That is the one thing I have really enjoyed about my Mac: I don’t run antivirus or anti-spyware software on it.

    My Mac lives among a bunch of PCs and has proven over time to really be the most trouble-free computer I have owned.

    I’m not sure why these guys are claiming TDL4 is nearly indestructible. It’s a rootkit that starts up by way of a bootkit, which makes it harder to detect, but removal can be done with utilities already on any Windows PC. Multiple vendors have also released removal tools.

    After playing with an older release of TDL I can say it’s an impressive piece of work… from a purely ‘educational’ and technical standpoint. I feel sorry for anyone infected with the POS.

      1. Indeed it does. The removal is easy; it’s the detection that is tricky. The payload, once in memory, manipulates API calls to the filesystem, making it hard to find.

  8. Look, I know that the Mac is not infallible. I know that one day, in the far distant future, we may have to deal with this crap. Having owned Macs in my house for the last seven years and providing the IT support for Windows at work, I can tell you that I loathe these pimp-faced dorks, who have probably never even seen a girl, who develop these damn programs. If you have ever spent your day trying to fix a computer because Sally didn’t know she wasn’t supposed to open email from strangers, then you know what I am talking about.

    China, I believe, has instituted a new law: write a virus and get caught, and we string you up by your nuts. Oh wait, that’s what I wish would happen.

    Viruses, Trojans, malware, Windows: every last developer of these, let them swing in the wind!
