The security gurus over at Kaspersky crunched some numbers and determined that cybercriminals are spending big bucks promoting the TDSS botnet, TDL-4. In just the first three months of 2011, TDL-4 has helped infect more than 4.5 million computers around the world, requiring an investment of around a quarter of a million dollars from cybercriminals, Kaspersky says.
Kaspersky arrived at that figure based on the notion that malware writers pay third parties to spread their foul files. According to Kaspersky, partners are paid from $20 to $200 for every 1,000 installations of a malicious program.
"We don't doubt that the development of TDSS will continue," Kaspersky quotes the experts who carried out the investigation. "Malware and botnets connecting infected computers will cause much unpleasantness -- both for end-users and IT-security specialists. Active reworkings of TDL-4 code, rootkits for 64-bit systems, the launch of a new operating system, use of exploits from the Stuxnet arsenal, use of P2P technologies, proprietary 'anti-virus' and much much more make the TDSS malicious program one of the most technologically developed and most difficult to analyze."
Kaspersky classifies TDSS as "the most sophisticated threat today," noting it "has a powerful rootkit component, which allows it to conceal the presence of any other types of malware in the system." Kaspersky says TDL-4 uses an updated algorithm to encrypt the protocol used for communication between infected computers and botnet command and control servers, making it far more dangerous than previous versions. This particular variant is also a bootkit, meaning it infects the master boot record (MBR) so that it is loaded at boot time, before the operating system.
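Because a bootkit of this kind lives in the MBR, one baseline-style check a defender can run is to read the first 512 bytes of a disk and compare the boot-code region against a known-good hash, rather than relying only on the 0x55AA signature or the partition table (both of which a bootkit can leave intact). The following Python is an added illustration written for this page, not code from the article or from Kaspersky; the MBR layout it decodes (446 bytes of boot code, four 16-byte partition entries, two-byte signature) is the standard PC BIOS convention, and the two disk images it checks are constructed in the script, not captured from a real infection.

```python
import hashlib
import struct

# MBR layout (PC BIOS boot convention):
#   bytes   0-445 : boot code, the region a bootkit overwrites to run before the OS
#   bytes 446-509 : four 16-byte partition table entries
#   bytes 510-511 : boot signature 0x55 0xAA
MBR_SIZE = 512
BOOT_CODE_SIZE = 446
PARTITION_TABLE_OFFSET = 446
PARTITION_ENTRY_SIZE = 16
SIGNATURE_OFFSET = 510
BOOT_SIGNATURE = b"\x55\xAA"


def parse_partition_entry(entry: bytes) -> dict:
    """Decode one 16-byte partition entry: status, type, LBA start, sector count."""
    status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
    return {"bootable": status == 0x80, "type": ptype,
            "lba_start": lba_start, "sectors": sectors}


def parse_mbr(data: bytes) -> dict:
    """Split a 512-byte sector into a boot-code hash, partition list and signature check."""
    if len(data) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(data)}")
    entries = []
    for i in range(4):
        start = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        entries.append(parse_partition_entry(data[start:start + PARTITION_ENTRY_SIZE]))
    return {
        "boot_code_sha256": hashlib.sha256(data[:BOOT_CODE_SIZE]).hexdigest(),
        "partitions": [e for e in entries if e["type"] != 0],
        "signature_ok": data[SIGNATURE_OFFSET:] == BOOT_SIGNATURE,
    }


def check_mbr(data: bytes, baseline_boot_code_sha256: str) -> list:
    """Return a list of findings; an empty list means the MBR matches the baseline."""
    info = parse_mbr(data)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing: sector is not a valid MBR")
    if info["boot_code_sha256"] != baseline_boot_code_sha256:
        findings.append("boot code differs from baseline: possible bootkit or re-installed loader")
    if sum(1 for p in info["partitions"] if p["bootable"]) > 1:
        findings.append("more than one partition flagged bootable")
    return findings


def build_sample_mbr(boot_code: bytes, partitions: list) -> bytes:
    """Construct a synthetic 512-byte MBR image for testing (not read from a real disk)."""
    code = boot_code.ljust(BOOT_CODE_SIZE, b"\x00")[:BOOT_CODE_SIZE]
    table = b""
    for bootable, ptype, lba_start, sectors in partitions:
        table += struct.pack("<B3xB3xII", 0x80 if bootable else 0x00, ptype, lba_start, sectors)
    table = table.ljust(4 * PARTITION_ENTRY_SIZE, b"\x00")
    return code + table + BOOT_SIGNATURE


# Constructed sample: a "clean" MBR with arbitrary boot code and one bootable NTFS (0x07)
# partition. The hash of its boot code is the baseline recorded on a known-good system.
CLEAN_MBR = build_sample_mbr(b"\xFA\x33\xC0" + b"\x90" * 40, [(True, 0x07, 2048, 1_000_000)])
BASELINE_SHA256 = parse_mbr(CLEAN_MBR)["boot_code_sha256"]

# Constructed sample: the same disk after bytes in the boot-code region were altered.
# Partition table and signature are untouched, which is why a check that only validates
# those two parts would report nothing.
_tampered = bytearray(CLEAN_MBR)
_tampered[0:8] = b"\xCC" * 8
TAMPERED_MBR = bytes(_tampered)

if __name__ == "__main__":
    print("clean:   ", check_mbr(CLEAN_MBR, BASELINE_SHA256))
    print("tampered:", check_mbr(TAMPERED_MBR, BASELINE_SHA256))
```

On a live system the 512 bytes would come from reading the raw disk device with elevated privileges; the baseline hash should be recorded right after installation and stored off-host, since a rootkit that hides other malware can equally hide changes to a locally stored baseline.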