More than four million PCs have been enrolled in a botnet security experts say is almost “indestructible”.
The botnet, known as TDL, targets Windows PCs and is difficult to detect and shut down.
Code that hijacks a PC hides in places security software rarely looks and the botnet is controlled using custom-made encryption.
Security researchers said recent botnet shutdowns had made TDL’s controllers harden it against investigation.
The 4.5 million PCs have become victims over the last three months following the appearance of the fourth version of the TDL virus.
“The owners of TDL are essentially trying to create an ‘indestructible’ botnet that is protected against attacks, competitors, and anti-virus companies.”
A botnet is a network of home computers that have been infected by a virus that allows a hi-tech criminal to use them remotely. Often botnet controllers steal data from victims’ PCs or use the machines to send out spam or carry out other attacks.
The TDL virus spreads via booby-trapped websites and infects a machine by exploiting unpatched vulnerabilities. The virus has been found lurking on sites offering porn and pirated movies as well as those that let people store video and image files.
It is one of the most sophisticated botnets out today.
The virus installs itself in a Windows system file known as the master boot record. This file holds the list of instructions to get a computer started and is a good place to hide because it is rarely scanned by standard anti-virus programs.