'Indestructible' rootkit enslaves 4.5m PCs in 3 months

One of the world's stealthiest pieces of malware infected more than
4.5 million PCs in just three months, making it possible for its
authors to force keyloggers, adware, and other malicious programs on
the compromised machines at any time.

The TDSS rootkit burst on the scene in 2008 and quickly earned the
begrudging respect of security experts for its long list of highly
advanced features. It is virtually undetectable by antivirus software,
and its use of low-level instructions makes it extremely hard for
researchers to conduct reconnaissance on it. A built-in encryption
scheme prevents network monitoring tools from intercepting
communications sent between control servers and infected machines.

The latest TDL-4 version of the rootkit, which is used as a persistent
backdoor to install other types of malware, infected 4.52 million
machines in the first three months of this year, according to a
detailed technical analysis published Wednesday by antivirus firm
Kaspersky Lab.

Additional changes include a new antivirus feature that rids TDSS-
infected machines of 20 rival malware titles, including ZeuS, Gbot,
and Optima. It also blacklists the addresses of command and control
servers used by these competing programs to prevent them from working
properly.

Like the Popureb trojan and the Torpig botnet (aka Sinowal and
Anserin), it also infects the master boot record of a compromised PC's
hard drive, ensuring that malware is running even before Windows is
loaded.

Ref: http://www.theregister.co.uk/2011/06...reon_advances/

--
Dave - I find the bit about ridding infected machines of rival malware
rather interesting. That's what I suggested a malware /cleaning/
product might do! How would one ever know it had happened?!!