TDL-4

TDL-4 is a highly advanced, fourth-generation botnet found worldwide (over a quarter of infected machines are in the US) and the name of the rootkit that runs the botnet (also known as Alureon). Over 4.5 million machines were infected with it in the first three months of 2011, and the botnet continued to grow after that.

It first appeared in 2008 as TDL-1, which Kaspersky Lab detected in April 2008. Version two, known as TDL-2, appeared in early 2009. Some time after TDL-2 became known, version three emerged, titled TDL-3.[1] This eventually led to TDL-4.[2]

Journalists often described it as "indestructible" in 2011, although it is removable with tools such as Kaspersky's TDSSKiller.[3][4] It infects the master boot record of the target machine, making it harder to detect and remove. Major advancements include encrypting communications, decentralized controls using the Kad network, as well as deleting other malware.[5][6]
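Because the infection lives in the master boot record, one defensive check is to compare the MBR boot code against a known-good baseline. The following is an added example, not part of the original article or of any vendor tool: all function names and sample sectors are constructed for illustration, and it assumes the 512-byte sector was captured offline from a trusted boot environment.

```python
import hashlib
import struct

BOOT_CODE_END = 440      # bytes 0..439 hold bootstrap code (disk signature follows)
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"   # bytes 510..511

def parse_mbr(sector: bytes) -> dict:
    """Split a classic MBR sector into boot-code hash and partition entries."""
    if len(sector) != 512 or sector[510:512] != BOOT_SIG:
        raise ValueError("not a 512-byte sector ending in 0x55AA")
    entries = []
    for i in range(4):
        raw = sector[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        lba_start, sectors = struct.unpack_from("<II", raw, 8)
        if raw[4]:  # partition type 0 means an unused slot
            entries.append({"active": raw[0] == 0x80, "type": raw[4],
                            "lba_start": lba_start, "sectors": sectors})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
            "partitions": entries}

def check_against_baseline(sector: bytes, baseline_sha256: str) -> list:
    """Return a list of findings; an empty list means nothing to report."""
    mbr = parse_mbr(sector)
    findings = []
    if mbr["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from baseline")
    if sum(p["active"] for p in mbr["partitions"]) > 1:
        findings.append("more than one active partition")
    return findings

def build_sample(boot_code: bytes, lba_start=2048, sectors=204800) -> bytes:
    """Build a constructed sample sector (placeholder bytes, not a real disk)."""
    sector = bytearray(512)
    sector[:len(boot_code)] = boot_code
    sector[446] = 0x80   # active flag of the first entry
    sector[450] = 0x07   # partition type of the first entry
    struct.pack_into("<II", sector, 454, lba_start, sectors)
    sector[510:512] = BOOT_SIG
    return bytes(sector)

CLEAN = build_sample(b"\x01\x02\x03" + b"\x90" * 100)      # constructed baseline
BASELINE = parse_mbr(CLEAN)["boot_code_sha256"]
RESIZED = build_sample(b"\x01\x02\x03" + b"\x90" * 100, sectors=409600)
MODIFIED = build_sample(b"\x0a\x0b\x0c" + b"\x90" * 100)   # boot code changed

if __name__ == "__main__":
    for name, s in (("clean", CLEAN), ("resized", RESIZED), ("modified", MODIFIED)):
        print(name, check_against_baseline(s, BASELINE))
```

Hashing only the boot-code region keeps ordinary partition changes from raising alerts while any change to the bootstrap code is reported.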

References

  1. "TDSS".
  2. "TDL4 – Top Bot".
  3. Herkanaidu, Ram (4 July 2011). "TDL-4 Indestructible or not? - Securelist". securelist. Retrieved 28 June 2012.
  4. Golovanov, Sergey; Igor Soumenkov (27 June 2011). "TDL4 – Top Bot - Securelist". Securelist. Retrieved 28 June 2012.
  5. Reisinger, Don (30 June 2011). "TDL-4: The 'indestructible' botnet? | The Digital Home - CNET News". News.cnet.com. Retrieved 15 October 2011.
  6. "'Indestructible' TDL-4 Botnet?". Techno Globes. 2 July 2011. Archived from the original on 12 October 2011. Retrieved 16 March 2016.
This article is issued from Wikipedia - version of the Monday, April 11, 2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.