View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Cyber criminals spend $250,000 for a botnet of US users: Kaspersky

Cybercriminals offer anonymous access services for 100 dollars per month; TDSS is most advanced malware

By CBR Staff Writer

Computer security company Kaspersky Lab has estimated that the expenditure of cybercriminals on the creation of a botnet made up of American users is around $250,000.

The company found that malicious software program TDSS (another term for TDL) is one of the most advanced and perfected tools used by cyber criminals today.

The malware uses sophisticated methods to infect a system, hide its tracks, control the PC remotely and prepare it for installation of other malicious programs. It has allowed its author to create a botnet made up of millions of personal computers, said Kaspersky.

Experts at Kaspersky Lab investigated the behaviour of a new version of the TDL-4 malicious program and evaluated its new capabilities. They found that among the new capabilities of the malware was the use of peer-to-peer (P2P) networks.

The analysis of TDL-4 undertaken by Kaspersky Lab experts Sergey Golovanov and Igor Sumenkov has also allowed them to estimate the number of infected PCs.

TDL-4 can not only build a botnet which is as well-hidden from competitors and anti-virus companies, it can now delete around 20 of the most popular competing products on an infected machine, including Gbot, ZeuS and Optima, said Kaspersky.

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

Besides, TDSS itself installs on a PC around 30 utilities, including fake anti-virus programs and systems for both increasing advertising traffic and distributing spam.

One of the most significant new additions to TDL-4 is the possibility to infect 64-bit operating systems.

The Moscow-based company said that for the first time the Kad public file exchange network (used by P2P networks) is being used to control the botnet.

Another new function of TDL-4 is the possibility to open a proxy-server.

Kaspersky said cybercriminals offer anonymous access services via infected computers, charging for such a service around 100 dollars per month.

Like previous versions, TDL-4 is distributed mainly with the use of so-called partner programs. The authors of the malware do not expand the network of infected computers themselves; instead they pay third parties for that. Depending on the particular terms and conditions, partners are paid from 20 to 200 US dollars for the installation of 1000 malicious programs.

Kaspersky said that its data shows that in just the first three months of 2011, TDL-4 helped infect more than 4.5 million computers around the world, with a large proportion of those being situated in the US. The estimated expenditure of cybercriminals on the creation of a botnet made up of American users is around $250,000.

The experts who carried out the investigation said the development of TDSS will continue.

They said, "Malware and botnets connecting infected computers will cause much unpleasantness – both for end-users and IT-security specialists. Active reworkings of TDL-4 code, rootkits for 64-bit systems, the launch of a new operating system, use of exploits from the Stuxnet arsenal, use of p2p technologies, proprietary "anti-virus" and much much more make the TDSS malicious program one of the most technologically developed and most difficult to analyse."

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.