4.5 Million PCs Infected By TDL Virus

David Gilbert


TDL-4 Botnet

A network of 4.5 million PCs, all infected by the same virus, has been discovered and could be almost impossible to destroy.

The network, known as a botnet, has been created by the fourth version of the TDL virus, which is unknowingly downloaded to vulnerable PCs from booby-trapped websites typically offering pirated movies, video sharing or porn. The PCs have become infected over the past three months; most are in the US (28 percent), with India (7 percent) and the UK (5 percent) also hosting significant numbers of infected PCs.

Once infected, the PCs can be controlled by the owners of TDL-4, who can use them to send spam emails, steal information from the computer itself or, acting together as a botnet, carry out Distributed Denial of Service (DDoS) attacks such as those we’ve seen recently against the CIA website.

Image: Kaspersky Lab. The location of PCs infected by the TDL-4 virus.

Security experts at Kaspersky, who have looked into the virus, said it was the “most sophisticated threat today”, adding: “The owners of TDL are essentially trying to create an ‘indestructible’ botnet that is protected against attacks, competitors, and anti-virus companies.” TDL has been around since 2008 and over the years the owners have been “perfecting their creation little by little.”

Once downloaded, the virus installs itself in a Windows system file known as the master boot record. This file holds the list of instructions to get a computer started and is rarely scanned by standard anti-virus programs, making it tough to spot. TDL-4 has added encryption to communications between those controlling the botnet, making it tougher for experts to understand what is going on. However, researchers looking into the virus have found bugs in the complex code which could aid them in discovering who is behind the virus.

Source: Kaspersky


June 30, 2011, 9:25 pm

And here was me naively thinking that you might mention or link to a site/software that can check for TDL-4 and remove it...


July 1, 2011, 3:03 am

"...the virus installs itself in a Windows system file known as the master boot record."

So would reformatting the disk, and re-installing Windows help?

Also, isn't that how root-kits are installed? Various FREE anti-virus software have facilities to check for root-kits and scan in/outgoing e-mails for viruses.

The Firewall should only let through traffic in/out for programs which you have set to access the internet?

See also FREE programs suggested in one of the reviews. Among them should be a programme that monitors what is installed on your PC (eg cookies etc).

Also Firefox has various utilities which (bloody slow the FF browser down) but provide additional security (warnings) against possible booby-trapped websites. Again TR did a news article a little while ago on this when Mozilla announced it was going to name-and-shame those add-ons that slow down FF.


July 1, 2011, 3:18 am

What they should do is teach proper real world IT skills in school, like how to maintain your computer, how to back up your files and how to reinstall the OS, instead of uselessness like how to open Word and underline the title.

If they taught proper useful skills like what malware is and how to avoid, detect and remove it (esp. by knowing how to reinstall an OS) then I suspect that infection rates (even of hard to remove rootkits and this virus) would plummet to the ground.


July 2, 2011, 5:15 am

@Jay4d0 - 11:18 PM on 30 June, 2011

Don't be silly!

You don't need that for 'media' studies ;-)

