'Indestructible' rootkit enslaves 4.5m PCs in 3 months

One of the world's stealthiest pieces of malware infected more than 4.5
million PCs in just three months, making it possible for its authors to
force keyloggers, adware, and other malicious programs on the
compromised machines at any time.

The TDSS rootkit burst on the scene in 2008 and quickly earned the
begrudging respect of security experts for its long list of highly
advanced features. It is virtually undetectable by antivirus software,
and its use of low-level instructions makes it extremely hard for
researchers to conduct reconnaissance on it. A built-in encryption
scheme prevents network monitoring tools from intercepting
communications sent between control servers and infected machines.

The latest TDL-4 version of the rootkit, which is used as a persistent
backdoor to install other types of malware, infected 4.52 million
machines in the first three months of this year, according to a detailed
technical analysis published Wednesday by antivirus firm Kaspersky Lab.

Additional changes include a new antivirus feature that rids
TDSS-infected machines of 20 rival malware titles, including ZeuS, Gbot,
and Optima. It also blacklists the addresses of command and control
servers used by these competing programs to prevent them from working
properly.

Like the Popureb trojan and the Torpig botnet (aka Sinowal and Anserin),
it also infects the master boot record of a compromised PC's hard drive,
ensuring that malware is running even before Windows is loaded.

Ref: http://www.theregister.co.uk/2011/06...reon_advances/

--
Dave - I find the bit about ridding infected machines of rival malware
rather interesting. That's what I suggested a malware /cleaning/ product
might do! How would one ever know it had happened?!!
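The master boot record infection the article describes is a change that can be caught by comparing sector 0, read from outside the running OS or from a forensic image, against a baseline recorded when the disk was known clean. The following is an added example, not code from the article, from Kaspersky's analysis, or from TDL-4 itself: it parses a 512-byte MBR, checks the 0x55AA signature and partition entries, hashes the bootstrap code, and reports any deviation from the baseline. The sample sectors, partition layout and bootstrap bytes are constructed here for illustration and do not represent any real loader.

```python
import hashlib
import struct

# Classic MBR layout: 440 bytes of bootstrap code, 4-byte disk signature,
# 2 reserved bytes, four 16-byte partition entries, then the 0x55AA signature.
SECTOR_SIZE = 512
BOOT_CODE_LEN = 440
DISK_SIG_OFF = 440
PART_TABLE_OFF = 446
BOOT_SIG_OFF = 510
PART_ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


def build_mbr(boot_code, partitions):
    """Assemble a 512-byte MBR. Used here only to construct sample sectors;
    a real check would read sector 0 from the disk or a forensic image."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("bootstrap code too long")
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    sector[DISK_SIG_OFF:DISK_SIG_OFF + 4] = b"\x12\x34\x56\x78"  # arbitrary disk signature
    for i, (status, ptype, lba_start, sectors) in enumerate(partitions):
        off = PART_TABLE_OFF + 16 * i
        # CHS fields left zero; modern boot code paths use the LBA fields
        sector[off:off + 16] = struct.pack(PART_ENTRY_FMT, status, bytes(3),
                                           ptype, bytes(3), lba_start, sectors)
    sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xaa"
    return bytes(sector)


def parse_mbr(sector):
    """Parse sector 0 into the fields worth baselining: a hash of the bootstrap
    code, the disk signature and the non-empty partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly %d bytes" % SECTOR_SIZE)
    if sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _, ptype, _, lba_start, sectors = struct.unpack(
            PART_ENTRY_FMT, sector[off:off + 16])
        if ptype == 0:
            continue  # empty slot
        if status not in (0x00, 0x80):
            raise ValueError("invalid status byte 0x%02x in entry %d" % (status, i))
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": sector[DISK_SIG_OFF:DISK_SIG_OFF + 4].hex(),
        "partitions": partitions,
    }


def check_mbr(sector, baseline):
    """Compare a captured MBR against a baseline recorded while the machine was
    known clean. Returns a list of findings; an empty list means no deviation.
    Code that runs before the OS cannot be trusted to report on itself, so the
    sector should be read from outside that OS or from an image."""
    current = parse_mbr(sector)
    findings = []
    if current["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("bootstrap code hash differs from baseline")
    if current["disk_signature"] != baseline["disk_signature"]:
        findings.append("disk signature differs from baseline")
    if current["partitions"] != baseline["partitions"]:
        findings.append("partition table differs from baseline")
    return findings


# Constructed sample data. The bootstrap bytes are a stand-in, not code from
# any real loader and not TDL-4's.
CLEAN_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 32
PARTITIONS = [(0x80, 0x07, 2048, 204800)]  # one bootable NTFS-type partition
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, PARTITIONS)
BASELINE = parse_mbr(CLEAN_MBR)  # recorded when the disk was known good

# Same partition table, but the first instruction now jumps elsewhere: the
# shape of a bootkit that hooks the boot path while leaving partitions intact.
TAMPERED_BOOT_CODE = b"\xeb\x3e" + CLEAN_BOOT_CODE[2:]
TAMPERED_MBR = build_mbr(TAMPERED_BOOT_CODE, PARTITIONS)

if __name__ == "__main__":
    print("clean:   ", check_mbr(CLEAN_MBR, BASELINE) or "no deviation")
    print("tampered:", check_mbr(TAMPERED_MBR, BASELINE))
```

The baseline only helps if it was taken from a trusted state and stored off the machine; an infected OS can lie about sector 0 to anything that asks it, which is why the read belongs in an offline or forensic context.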