Massive Indestructible Botnet

102 points by seanharper, almost 14 years ago

15 comments

Xk, almost 14 years ago
> TDL-4's makers created their own encryption algorithm

Two comments about this

-- I give it maybe a week or two against a good cryptographer. You never, ever invent your own encryption algorithm.

-- Even if the encryption algorithm happens to be secure against differential/linear/slide/boomerang attacks, I bet there will be an implementation flaw. It's really hard to get implementation right on those things, even if you have an almost perfect algorithm.

Not that that all really matters -- anything that's encrypted can be decrypted since the key lives on the computer -- but the fact that they created their own encryption algorithm gives some insight into their minds. Namely, that they think they are smarter than they really are, and that despite all of that, they don't know enough about security to stick with AES.

> and the botnet uses the domain names of the C&C servers as the encryption keys.

... what? That kind of defeats the entire purpose of encryption when the key is something like that. Besides, what are they using this encryption for? It seems more likely they want a check on the integrity of messages. And even still, a MAC is equally worthless since it's not public/private key.

Either (1) this botnet is really weak or (2) the writers of this article have distorted the truth.
JonnieCache, almost 14 years ago
Anyone got a link to a source with some info that isn't aimed at someone with the technical expertise of the average pensioner? There was no information in this article.

Who *are* these people that read the front pages of both Hacker News and computerworld.com?

EDIT: This is more like it: http://www.securelist.com/en/analysis/204792157/TDSS_TDL_4

EDIT2: That link was just an initial analysis of the infection vectors, here's a more full analysis of the payload and suchlike: http://www.securelist.com/en/analysis/204792180/TDL4_Top_Bot
fragsworth, almost 14 years ago
In my opinion, a very poorly written article, but here are some of the main points:

1. estimated 4.5 million infected machines

2. it infects the Master Boot Record

3. it uses the Kad Network (http://en.wikipedia.org/wiki/Kad_network) to issue commands to the clients (No idea how, the article did not explain this)

4. it disables competing malicious software

5. it acts as a malicious software manager; they install software for their "customers" to temporarily use
Vivtek, almost 14 years ago
So at what point does a botnet cease to be a parasite and start to be a symbiote?

If TDL-4 keeps your machine free of other malware at the cost of engaging in the occasional DDoS....

Actually, wouldn't TDL-4's owners possibly earn *more* money by doing remote management and tuning of 4.5 million PCs than they could by selling malware connectivity?
zitterbewegung, almost 14 years ago
Indestructible isn't the right word to describe this. More like very resilient or resistant. Title is very linkbait and the reporting looks like it's based off of phrases by security researchers.
hook, almost 14 years ago
So that's how some videos on youtube have millions of hits before anyone has heard of them...
saalweachter, almost 14 years ago
Is it just me, or does this article read like a sales brochure for TDL-4?
kaze, almost 14 years ago
Wouldn't it help to have a read-only bootup DVD to scan the MBR?
Joakal, almost 14 years ago
Not even a software firewall can pick up connections? I always look to firewalls for abnormal activity.
noglorp, almost 14 years ago
Fancy cryptography, p2p networking, with web-based command and control: indestructible 'new' type of botnet, or practically identical to Zeus? You decide!
extension, almost 14 years ago
*TDL-4's makers use the botnet to plant additional malware on PCs*

Whoa, it's the evil app store!

Could this be used to take the botnet down? Pay them to install something and sneak in an antidote?
leon_, almost 14 years ago
good old fdisk /fixmbr ;)
gorgoroth666, almost 14 years ago
security ? who cares ?
bromagosa, almost 14 years ago
Why is anybody on Earth still using Windows?
koko775, almost 14 years ago
Next thing you know it'll be asking to be uploaded onto a mining colony on some asteroid!