The Latest in IT Security

TDL4: Less hype, more history

02 Jul 2011

Quite rightly, such notables as Paul Ducklin and our own Randy Abrams have poured scorn on the idea of the “indestructible botnet”: indeed, Randy remarked:

“Calling the botnet indestructible is tantamount to calling the Internet unsustainable. I suspect that, in time, we’ll discover the ‘T’ in TDL stands for ‘Titanic,’ and a currently unseen iceberg will sink it.”

I don’t think there’s such a thing as an indestructible botnet. TDSS is somewhat innovative. It’s introduced new twists on old ideas like P2P networks and hiding malware – just as previous malware has used sectors marked as bad, slack space, or streams, TDL uses a hidden file system. 

It’s also very adaptive, and its use of a Pay Per Install (PPI) business model, rather like that used for distribution of browser toolbars via affiliates like DogmaMillions and GangstaBucks, as described in our article at http://resources.infosecinstitute.com/tdss4-part-1/, has been very effective – and so has ruthlessly eliminating some of the competition. But there is no indestructible malware. Rather, it’s a war of attrition – threat, counterthreat, counter-counterthreat. In the long run, though, the security community has one big advantage: it isn’t also hiding from the law, and in fact, we sometimes cooperate very closely with law enforcement and other agencies.

The update of our comprehensive paper on TDL4 and its earlier incarnations has just become available on the ESET white papers page if you care to read more about how it really works.

David Harley CITP FBCS CISSP
ESET Senior Research Fellow
