A network of 4.5 million PCs, all infected by the same virus, has been discovered and could be almost impossible to destroy.
The network, known as a botnet, has been created by the fourth version of the TDL virus, which is unknowingly downloaded to vulnerable PCs from booby-trapped websites typically offering pirated movies, video sharing or porn. The PCs have become infected over the past three months, with most of them in the US (28 percent); India (7 percent) and the UK (5 percent) also host significant numbers of infected PCs.
Once infected, the PCs will be controllable by the owners of TDL-4, who can use them to send spam emails or steal information from the computer itself; used together, the PCs in the botnet can carry out Distributed Denial of Service (DDoS) attacks such as those we’ve seen recently against the CIA website.
Security experts at Kaspersky who have looked into the virus said it was the “most sophisticated threat today,” adding: “The owners of TDL are essentially trying to create an 'indestructible' botnet that is protected against attacks, competitors, and anti-virus companies.” TDL has been around since 2008, and over the years the owners have been “perfecting their creation little by little.”
Once downloaded, the virus installs itself in a Windows system file known as the master boot record. This file holds the list of instructions to get a computer started and is rarely scanned by standard anti-virus programs, making it tough to spot. TDL-4 has added encryption to communications between those controlling the botnet, making it tougher for experts to understand what is going on. However, researchers looking into the virus have found bugs in the complex code, which could aid them in discovering who is behind the virus.