TDL-4
TDL-4 is a highly advanced, fourth-generation botnet found worldwide (over a quarter of infected machines are in the US) and the name of the rootkit that runs the botnet (also known as Alureon). Over 4.5 million machines were infected with it in the first three months of 2011, and the botnet continues to grow as no effective measures have been found to prevent it. It infects the master boot record of the target machine, making it harder to detect and remove. Major advancements include encrypted communications, decentralized control using the Kad network, and the deletion of other malware from infected machines.
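One defensive check that follows from the MBR-infection point above, added here as an example and not code from the original page or from any TDL-4 analysis: parse the raw 512-byte first sector into its bootstrap code, partition table and 0x55AA signature, then compare the bootstrap code against a trusted baseline digest recorded while the machine was known to be clean. The sample sector and the tampered copy are constructed inline; the bytes written by `tamper` are arbitrary and stand in for any bootstrap-code modification.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 446      # bytes 0..445: bootstrap code, the region a bootkit rewrites
PART_TABLE_OFF = 446     # four 16-byte partition entries follow the boot code
SIGNATURE_OFF = 510      # 0x55 0xAA marks a valid MBR

def parse_mbr(sector: bytes) -> dict:
    """Split a raw first sector into bootstrap code, partition entries and signature."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    entries = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # entry layout: status, CHS start (3), type, CHS end (3), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, off)
        entries.append({"bootable": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return {"boot_code": sector[:BOOT_CODE_LEN],
            "partitions": entries,
            "valid_signature": sector[SIGNATURE_OFF:] == b"\x55\xAA"}

def boot_code_digest(sector: bytes) -> str:
    """SHA-256 of the bootstrap code only; partition edits should not trip the check."""
    return hashlib.sha256(parse_mbr(sector)["boot_code"]).hexdigest()

def check_mbr(sector: bytes, trusted_digest: str) -> str:
    mbr = parse_mbr(sector)
    if not mbr["valid_signature"]:
        return "invalid-signature"
    if boot_code_digest(sector) != trusted_digest:
        return "boot-code-modified"
    return "ok"

def build_sample_mbr() -> bytes:
    """Constructed sample: inert boot code, one bootable NTFS partition, valid signature."""
    boot_code = b"\xEB\xFE" + b"\x90" * (BOOT_CODE_LEN - 2)   # jmp $ followed by NOP padding
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    return boot_code + entry + b"\x00" * 48 + b"\x55\xAA"

def tamper(sector: bytes) -> bytes:
    """Constructed: overwrite the first bytes of the bootstrap code to simulate a bootkit write."""
    patched = bytearray(sector)
    patched[0:4] = b"\xDE\xAD\xBE\xEF"
    return bytes(patched)

if __name__ == "__main__":
    good = build_sample_mbr()
    baseline = boot_code_digest(good)
    print(check_mbr(good, baseline))            # ok
    print(check_mbr(tamper(good), baseline))    # boot-code-modified
```

On a live system the sector would be read from the raw disk device rather than built in memory, and the baseline digest should be stored off the host so a rootkit that hides the real MBR cannot also rewrite the reference.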