"Indestructible" TDL-4 Botnet To Popularise MaaS Market

If there's one point that the detailed analysis of the TDL4 or TDSS botnet by Sergey Golovanov and Igor Soumenkov of Kaspersky Labs revealed, it is that criminals are expanding into Malware-as-a-Service, or MaaS.

Some analysis was done by Paul Ducklin, an employee of Kaspersky Labs' rival Sophos and its head for the APAC region; he stated that the "TDL rootkit family is, indeed, one of the trickiest rootkits around" and that the latest version was "particularly sneaky".

He notes that the technology behind the rootkit family is heavily guarded: it is closed source, a proprietary set of bytes and, in some respects, a genuine trade secret that can earn its owners a fortune.

Ducklin rightly points out that you cannot buy the source code per se and that you can only rent time on a botnet built using the TDL4 toolkit, in essence replicating the business model of Software-as-a-Service.

The owners of the rootkit go to great lengths to make sure that their turf, which is literally the millions of computers that are part of its army, is protected from other rogue malware.

The defence mechanism includes its own antivirus, which takes out other competing malware and eliminates the risk of potential conflicts, as well as the use of public P2P networks to link the slave computers to Command and Control servers.

Désiré Athow