An insidious new virus called TDL-4 has been invented that transforms computers into zombies that are secretly controlled by hackers. Cyber security experts estimate that it has already infected over four million computers. TDL-4 is spreading fast and is nearly indestructible. It can sleep quietly, invisibly, lurking inside your computer. TDL-4 waits for commands sent over an encrypted peer-to-peer (P2P) Internet connection to awaken the virus implant. The master virus then secretly downloads and installs up to 30 additional lesser viruses, its minions, to perform a variety of evil deeds. It can even kill rival viruses that infringe upon its turf. It wants your computer all to itself. It is smart. It is ruthless. It is out there waiting for a chance to turn your computer into another zombie.
All this goes on inside your computer without your knowledge. If your computer is turned on, it could be receiving secret instructions to attack the Pentagon right now. The computer you thought belonged to you could actually be controlled by a criminal underground or a foreign government. China is a big player in this. See: McAfee rats out 72 organisations that were hacked. Your harmless-looking PC could already be part of an army of other zombie computers, a botnet, which is a coordinated collection of infected computers. Ever wonder about the noises you hear inside your computer when you are not using it? Could it already be a zombie carrying out the secret commands of a faraway Dr. Evil type?
Four and a half million Windows computers have already been zombified. This zombie army is a powerful force for criminal hackers to control, to use to wreak havoc on the rest of us. They could eat your brains and sell your credit card numbers. They could use your computer to attack others, to bring down websites. They could steal your identity, maybe even your glasses. Like I said before, not all hackers are rainbow-loving gray hats like LulzSec. Many, if not most, are criminal sociopaths. They are Dr. Evil types with more brains than moral sense. This ingenious new virus is proof of that.
The virus works by hiding in the master boot record (MBR) of a Windows PC (Macs are immune). The MBR is where the code is stored that starts the operating system after the computer’s BIOS finishes its start-up checks. Because that code runs before Windows itself loads, once the virus infects your PC it is undetectable to most virus scans. See, e.g., Massive botnet ‘indestructible,’ say researchers by Computerworld’s Gregg Keizer.
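To show what the MBR described above actually contains, and how a defender can notice that its boot code has changed even when the operating system cannot see the change, here is an added example that is not from the original post: it parses a constructed 512-byte MBR image, checks the 0x55AA boot signature, decodes the partition table, and compares a SHA-256 of the boot-code region against a baseline recorded when the disk was known-good. The sample images and the baseline hash are constructed for the example.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440      # executable boot code, before the disk signature
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG_OFF = 510       # two-byte 0x55AA marker


def parse_mbr(mbr: bytes) -> dict:
    """Decode the fixed-layout fields of a 512-byte master boot record."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    signature_ok = mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xaa"
    partitions = []
    for i in range(4):
        entry = mbr[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        # status, 3 CHS bytes skipped, type, 3 CHS bytes skipped, LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {"signature_ok": signature_ok, "partitions": partitions,
            "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()}


def boot_code_modified(mbr: bytes, baseline_sha256: str) -> bool:
    """True when the boot-code region no longer matches the recorded baseline."""
    return parse_mbr(mbr)["boot_code_sha256"] != baseline_sha256


def make_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample image: given boot code, one bootable NTFS (0x07) partition."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = b"\x12\x34\x56\x78\x00\x00"            # 4-byte disk id + 2 reserved bytes
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    table = entry + b"\x00" * 48                      # three empty slots
    return code + disk_sig + table + b"\x55\xaa"


# Baseline recorded while the machine was known-good (constructed boot code).
CLEAN_MBR = make_sample_mbr(b"\xfa\x33\xc0\x8e\xd0")
BASELINE = parse_mbr(CLEAN_MBR)["boot_code_sha256"]
# Same partition table, different boot code: what a rewritten boot record looks like.
TAMPERED_MBR = make_sample_mbr(b"\xeb\xfe" + b"\x90" * 16)

if __name__ == "__main__":
    for name, image in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        info = parse_mbr(image)
        print(name, info["partitions"], "modified:", boot_code_modified(image, BASELINE))
```

The point the comparison makes is that the partition table and boot signature look identical in both images; only the hash of the boot code itself reveals the change.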
Security expert Sergey Golovanov calls this army of TDL-4 infected computers practically indestructible and says TDL-4 (a/k/a TDSS) is the most sophisticated threat today to computers with Windows operating systems. Sergey is a researcher for Kaspersky Labs (a Moscow-based anti-virus software company). He reports with his Kaspersky colleague, Igor Soumenkov, in their Securelist blog:
The malware detected by Kaspersky Anti-Virus as TDSS is the most sophisticated threat today. TDSS uses a range of methods to evade signature, heuristic, and proactive detection, and uses encryption to facilitate communication between its bots and the botnet command and control center. TDSS also has a powerful rootkit component, which allows it to conceal the presence of any other types of malware in the system.
The master evil virus, TDL-4, does not like competition from other viruses that may haunt a PC. It hunts them down and kills competitor viruses. It’s a new kind of cyber-mafia bent on exclusive control of the cyberspaces it inhabits. Think I’m kidding? Suffering from Future Shock? Here are Sergey and Igor again:
TDL nimbly hides both itself and the malicious programs that it downloads from antivirus products. To prevent other malicious programs not associated with TDL from attracting the attention of users of the infected machine, TDL-4 can now delete them. Not all of them, of course, just the most common. …
This ‘antivirus’ actually helps TDSS; on the one hand, it fights cybercrime competition, while on the other hand it protects TDSS and associated malware against undesirable interactions that could be caused by other malware on the infected machine.
Which malicious programs does TDL-4 itself download? Since the beginning of this year, the botnet has installed nearly 30 additional malicious programs, including fake antivirus programs, adware, and the Pushdo spambot.
Notably, TDL-4 doesn’t delete itself following installation of other malware, and can at any time use the r.dll module to delete malware it has downloaded.
This is not science fiction or a cheesy zombie horror movie. This is a real threat to users of Windows-based computers. As Physorg.com explained in a recent article on TDL-4 and its botnet army of zombie computers:
Botnets, or groups of computers that have been infected by code that allows them to be controlled by someone other than the owner, have become the latest tool in an international cyberwar that involves malevolent coders and law enforcement, with computer users stuck in between, quite often completely unaware of what is going on.
Botnets are a bad thing because computer owners can become victims of identity theft, be directed to onerous sites while cruising the web, or, worse, become unwitting partners in crime as their computer is hijacked and used for nefarious purposes, such as being directed to take part in a denial of service attack against a corporate web site.
A recent article by Roger Grimes in InfoWorld questioned the claim by Kaspersky Labs that the TDL-4 zombie bot army is indestructible. While agreeing that this may be the hardiest zombie bot virus yet, Grimes is confident that a countermeasure will eventually be found:
As a 24-year veteran of the malware wars, I can safely tell you that no threat has appeared that the antimalware industry and OS vendors did not successfully respond to. It may take months or years to kill off something, but eventually the good guys get it right.
Grimes, whom I really want to believe, ends his article with this sage advice:
Today, we need to tell folks not to click on the Internet link emailed to them by a trusted friend and not to install random applications sent to them in Facebook or through their mobile phone.
Have you ever looked at your PC and noticed lights flashing, or heard noises, disks spinning, even when you are not using it? How well do you know your computer? Perhaps it is already a zombie? What dastardly deeds might it be doing right now? Is that an evil laugh you hear from the PC next door? Or is it coming from your own seemingly benign machine? Have you ever hit Control-Alt-Delete, selected the Processes tab and wondered about all of the programs running in memory that you have never heard of?
Take the time to prevent a zombie takeover of your computer. I know it’s a pain, and yet another $60 expense that you do not need. But it is important. If you are not part of the solution, you are part of the problem. Do not be a passive virus victim. Do not facilitate cyber-evil by indifference and inattention. Never download strange programs. Look out for seedy Internet neighborhoods where the viruses live and lurk for hosts to attach themselves to. Stay vigilant. Buy good virus protection software. Keep your anti-virus software up to date. Better yet, buy a Mac. So far, they are zombie-free.