Botnets, organized networks of compromised computers known as “zombies,” have been much in the news lately. Some, such as Coreflood, have been successfully taken down. This botnet, TDL-4, however, has some interesting tricks up its sleeve. For one thing, it uses a hard-to-disable encrypted peer-to-peer (P2P) command and control structure, which makes conventional approaches such as blocking IP addresses and domain names impossible. It also fights back against other malware installed on the computer; for example, it is able to disable the Zeus botnet. And finally, it apparently installs a rootkit in the master boot record (MBR) of the BIOS, effectively hiding the botnet software from even the operating system! I remember last summer when I helped my son build his PC from components, we accidentally installed a BIOS application that came with the motherboard software – it was so difficult to find and deactivate! I can only imagine how difficult it is dealing with a rootkit installed there!
This makes me think of the fictional “Zed.Kicker” botnet in my novel, “Counting from Zero”. It used a complicated P2P network and strong encryption. And like TDL-4, Zed.Kicker also has a few tricks up its sleeve!
While I doubt this botnet is indestructible, it certainly is a tough customer. The techniques and tenacity of those who battle these botnets are going to have to increase.