The Latest in IT Security

TLD4: Less hype, more history


Quite rightly, such notables as Paul Ducklin and our own Randy Abrams have poured scorn on the idea of the “indestructible botnet”: indeed, Randy remarked:

“Calling the botnet indestructible is tantamount to calling the Internet unsustainable . I suspect that, in time, we’ll discover the ‘T’ in TDL stands for ‘Titanic,’ and a currently unseen iceberg will sink it.”

I don’t think there’s such a thing as an indestructible botnet. TDSS is somewhat innovative. It’s introduced new twists on old ideas like P2P networks and hiding malware – just as previous malware has used sectors marked as bad, slack space, or streams, TDL uses a hidden file system. 

It’s also very adaptive, and its use of Pay Per Install (PPI) business model rather like that used for distribution of browser toolbars via affiliates like DogmaMillions and GangstaBucks, as described in our article at, has been very effective – and so has ruthlessly eliminating some of the competition. But there is no indestructible malware. Rather, it’s a war of attrition – threat, counterthreat, counter-counterthreat.. In the long run, though, the security community has one big advantage: it isn’t also hiding from the law, and in fact, we sometimes cooperate very closely with law enforcement and other agencies.

The update of our comprehensive paper on TLD4 and its earlier incarnations has just become available on the ESET white papers page if you care to read more about how it really works.

ESET Senior Research Fellow

Leave a reply


TUESDAY, MAY 18, 2021

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...



Latest Comments