Computer security company Kaspersky Lab has estimated that the expenditure of cybercriminals on the creation of a botnet made up of American users is around $250,000.
The company found that malicious software program TDSS (another term for TDL) is one of the most advanced and perfected tools used by cyber criminals today.
The malware uses sophisticated methods to infect a system, hide its tracks, control the PC remotely and prepare it for installation of other malicious programs. It has allowed its author to create a botnet made up of millions of personal computers, said Kaspersky.
Experts at Kaspersky Lab investigated the behaviour of a new version of the TDL-4 malicious program and evaluated its new capabilities. They found that among the new capabilities of the malware was the use of peer-to-peer (P2P) networks.
The analysis of TDL-4 undertaken by Kaspersky Lab experts Sergey Golovanov and Igor Sumenkov has also allowed them to estimate the number of infected PCs.
TDL-4 can not only build a botnet which is as well-hidden from competitors and anti-virus companies, it can now delete around 20 of the most popular competing products on an infected machine, including Gbot, ZeuS and Optima, said Kaspersky.
Content from our partners
Besides, TDSS itself installs on a PC around 30 utilities, including fake anti-virus programs and systems for both increasing advertising traffic and distributing spam.
One of the most significant new additions to TDL-4 is the possibility to infect 64-bit operating systems.
The Moscow-based company said that for the first time the Kad public file exchange network (used by P2P networks) is being used to control the botnet.
Another new function of TDL-4 is the possibility to open a proxy-server.
Kaspersky said cybercriminals offer anonymous access services via infected computers, charging for such a service around 100 dollars per month.
Like previous versions, TDL-4 is distributed mainly with the use of so-called partner programs. The authors of the malware do not expand the network of infected computers themselves; instead they pay third parties for that. Depending on the particular terms and conditions, partners are paid from 20 to 200 US dollars for the installation of 1000 malicious programs.
Kaspersky said that its data shows that in just the first three months of 2011, TDL-4 helped infect more than 4.5 million computers around the world, with a large proportion of those being situated in the US. The estimated expenditure of cybercriminals on the creation of a botnet made up of American users is around $250,000.
The experts who carried out the investigation said the development of TDSS will continue.
They said, "Malware and botnets connecting infected computers will cause much unpleasantness – both for end-users and IT-security specialists. Active reworkings of TDL-4 code, rootkits for 64-bit systems, the launch of a new operating system, use of exploits from the Stuxnet arsenal, use of p2p technologies, proprietary "anti-virus" and much much more make the TDSS malicious program one of the most technologically developed and most difficult to analyse."
