Cyber criminals deploy TDL-4 virus to create indestructible botnet of 4.5m computers

Over 4.5 million computers around the world have been infected by the TDL-4 virus, creating a potentially indestructible botnet.

The owners of TDL are trying to create an indestructible botnet protected against attacks, competitors and antivirus companies, said security company Kaspersky.

The botnet, which targets Windows PCs, is used by cybercriminals to manipulate adware and search engines, provide anonymous internet access and act as a launch pad for other malware.

The virus is usually spread through plants on pornographic sites, bootleg websites and video and file storage services.

TDL and the botnet that unites all the computers it infects will continue to cause problems for users and IT security professionals alike, wrote Sergey Golovanov and Igor Soumenkov, researchers at Kaspersky Labs. "The decentralized, server-less botnet is practically indestructible," they said.

A quarter of all infected computers are in the United States, worth $250,000. Just 5% of the infected computers are from the UK.

The malware detected by Kaspersky is the most sophisticated threat today, said Sergey Golovanov and Igor Soumenkov. The virus uses a range of methods to evade signature and detection, using encryption to facilitate communication between its bots and the botnet command and control centre. TDL-4 also has a powerful rootkit component, which allows it to conceal the presence of any other types of malware in the system.

Like older versions of TDL, TDL-4 is spread through affiliate programmes, which check the version of the operating system on a victim machine and then download TDL-4 to the computer. Affiliates receive between $20 to $200 for every 1,000 installations of TDL, found Kaspersky.

One of the key changes in TDL-4 compared to previous versions is an updated algorithm encrypting the protocol used for communication between infected computers and botnet command and control servers, said the security company.