Silicon Shecky

Infosec Practitioner

Connect

TDL-4: Is it the Godfather of Botnets?

By Leave a Comment

“I’ll make them an offer, they can’t refuse.” Remember that line? Well it seems that the TDL-4 botnet is using the same line, and very effectively.

TDL-4 has over 4.5 Million Zombies according to recent reports. It removes Malware it doesn’t like. It hides in the MBR of a machine, making it difficult to remove. All of these statements have been going around, and you can read more about the inner workings of TDL-4, all over the web. Kaspersky has a real good look at it. All that said, why am I looking at this phenom of a botnet? The botnet they claim is nigh indestructible.

to tell the truth, I’m looking at this from another angle. You see the ads on the sidebar of my page (unless you have an ad blocker). Yes, I put ads up on my site, in hopes of someone clicking on that ad, and then purchasing from the site. Its called affiliate marketing. I get a kickback if anyone does. I personally would love for those ads to pay for this blog, but so far, I haven’t made a cent. That is fine, this blog isn’t going away, and that is not the point of my rambling. The point is Affiliate Marketing.

Affiliate Marketing, is used by some people to great success. There are people who make millions of dollars per year through Affiliate Marketing. There are states which are writing laws to stop online companies from not paying taxes, claiming that Affiliate Marketing means the company has a physical presence in their state. It a big deal.

This brings us back to TDL-4. TDL-4 not only is a nasty nasty bug, but it gets spread through its own form of Affiliate Marketing in the underworld. In fact, people can get anywhere from $20 to $200 dollars per 1000 infections according to the Kaspersky article. These Affiliates can get credit for infections through multiple methods. Man in the middle Hijacking, Fake ads, Phishing scams, you get the picture.

So the botnet expands, the criminals all get a chunk of the cash, and we, the normal users get stuck with PCs that wind up slow, or mail servers that wind up blacklisted. It becomes a headache for IT. We can patch, run anti-viruses, have firewalls, and follow best practices to our hearts content, and we still are going to be vulnerable. We need some way of getting ahead of the curve on the whole issue. Unfortunately, that would rely con companies being forthcoming about their shortcomings, and letting people see code. That isn’t going to happen for a long time. So instead, TDL-4 will keep making deals the criminals can’t refuse.