
Brian Krebs looks at the remarkable drop in spam the Internet has experienced this year (25-50 billion spam messages a day now, down from a peak of 225 billion a day last July), and at the vicious new malware that is appearing as spam crooks get more desperate. One such vector is TDSS (also known as TDL-4), a rootkit that infects your computer, kicks out all the other malware running on it, and then helps its operators distribute further malware. Krebs says there are plenty of gains to be had from attacking the financial instruments criminals rely on, and he has promised a series on how these work.
The evolution of the TDL-4 bot is part of the cat-and-mouse game played by miscreants and those who seek to thwart their efforts. But law enforcement agencies and security experts also are evolving by sharing more information and working in concert, said Alex Lanstein, a senior security researcher at FireEye, a company that has played a key role in several coordinated botnet takedowns in the past two years.
"Takedowns can have an effect of temporarily providing relief from general badness, be it click fraud, spam, or credential theft, but lasting takedowns can only be achieved by putting criminals in silver bracelets," Lanstein said. "The Mega-D takedown, for example, was accomplished through trust relationships with registrars, but the lasting takedown was accomplished by arresting the alleged author, who is awaiting trial. In the interim, security companies are getting better and better about working with law enforcement, which is what happened with Rustock."
Where Have All the Spambots Gone?
Spam I can eat, but how do you put malware between two slices of bread??
What share of this can be attributed to the eventual obsolescence and retirement of easily targeted computers and OSs?
The TDL-4/TDSS rootkit isn’t as invincible as it seems at first glance. I read Brian Krebs’s blog post about it a few days ago, and came across some Microsoft technical notes on how to delete it by using the Recovery Console (a DOS-like interface).
http://blogs.technet.com/b/mmpc/archive/2011/06/22/don-t-write-it-read-it-instead.aspx
Kaspersky has a TDSS killer utility, for free, which it claims can run on the infected machine (uh, until TDSS ver5 is released, I guess).
In my case, their method is handy, as my system’s RAID makes using boot-CD solutions, such as Microsoft’s System Sweeper, difficult/complicated.
http://support.kaspersky.com/faq/?qid=208283363
Symantec’s solution requires a Symantec license of some sort. Pass…
As well, GMER is a rootkit-hunting tool from Poland.
http://www.gmer.net/
NOTE: I haven’t used any of these products myself, yet. But from reading the Microsoft walkthrough, it doesn’t look like fixing this particular problem is something complicated. Aside from the inherent, logically near-impossible problem of running anti-rootkit software on an infected machine, it looks like the TDSS rootkit, while sophisticated, isn’t invincible.
I had the pleasure of clearing out some early examples of TDSS, and it was tricky even then – it merely took booting to a live CD and deleting some Windows system files to get rid of the final remnants. Now it’s much worse.
TDSS is one of the most crazyball rootkits you’ll ever get to deal with. It’s completely batshit insane in what it can do and how hard it is to eradicate, and has a different command-and-control structure from anything seen so far, which means they have to come up with completely new botnet takedown methods.
We’ll get some reliable tools to remove it, but I’d give it a few months – until then, you have to clean the MBR, roll back to a good System Restore point, and hope for the best.
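The "clean the MBR" step above assumes you can tell a tampered master boot record from a clean one. The following is an added example written for this edit, not code from the post or from any commenter: it parses a 512-byte MBR, sanity-checks the partition table and signature, and compares the boot-code region (the part an MBR bootkit overwrites while leaving the partition table alone) against a known-good SHA-256. It assumes the standard MBR layout (446 bytes of boot code, four 16-byte partition entries, 0x55AA signature); both sample sectors are constructed, and in practice the baseline hash would be recorded from a known-clean install or from a trusted copy of the loader.

```python
"""Added example (not from the post or any commenter): sanity-check a 512-byte
MBR and compare its boot-code region against a known-good hash, the check you
want before deciding whether an MBR needs rewriting. The standard layout is
assumed: 446 bytes of boot code, a 64-byte partition table, then 0x55AA.
Both sample MBRs below are constructed for illustration."""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 446        # bytes 0-445: the region an MBR bootkit overwrites
PART_TABLE_OFF = 446       # four 16-byte partition entries follow the boot code
SIGNATURE = b"\x55\xaa"    # bytes 510-511


def parse_partitions(mbr):
    """Return the non-empty partition entries as dicts."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, ptype = mbr[off], mbr[off + 4]
        lba_start, sectors = struct.unpack_from("<II", mbr, off + 8)
        if ptype == 0:                      # empty slot
            continue
        parts.append({"index": i, "active": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": sectors})
    return parts


def check_mbr(mbr, baseline_bootcode_sha256):
    """Return a list of findings; an empty list means the sector looks untouched."""
    if len(mbr) != MBR_SIZE:
        return ["not a 512-byte sector"]
    findings = []
    if mbr[510:512] != SIGNATURE:
        findings.append("missing 0x55AA signature")
    parts = parse_partitions(mbr)
    if sum(p["active"] for p in parts) > 1:
        findings.append("more than one active partition")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"], p["index"]) for p in parts)
    for (s1, e1, i1), (s2, _, i2) in zip(spans, spans[1:]):
        if s2 < e1:
            findings.append(f"partitions {i1} and {i2} overlap")
    # A bootkit leaves the partition table intact and swaps only the boot code,
    # so the hash of bytes 0-445 is the comparison that matters.
    if hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest() != baseline_bootcode_sha256:
        findings.append("boot code differs from the known-good baseline")
    return findings


def make_mbr(bootcode, partitions):
    """Build a 512-byte MBR from boot code plus (active, type, lba_start, sectors)
    tuples. Constructed data; CHS fields are left zero since loaders use the LBA fields."""
    body = bootcode.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    table = b"".join(
        struct.pack("<B3sB3sII", 0x80 if active else 0x00, b"\x00" * 3, ptype,
                    b"\x00" * 3, lba_start, sectors)
        for active, ptype, lba_start, sectors in partitions)
    return body + table.ljust(64, b"\x00") + SIGNATURE


# Constructed samples: the same single active NTFS partition, differing only in boot code.
PARTS = [(True, 0x07, 2048, 409600)]
GOOD_BOOTCODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"known-good boot stub (constructed)"
TAMPERED_BOOTCODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"stub patched to jump elsewhere (constructed)"


def sample_good():
    return make_mbr(GOOD_BOOTCODE, PARTS)


def sample_tampered():
    return make_mbr(TAMPERED_BOOTCODE, PARTS)


# In practice record this hash from a known-clean install; here it is taken from the sample.
BASELINE = hashlib.sha256(sample_good()[:BOOT_CODE_LEN]).hexdigest()


if __name__ == "__main__":
    # To check a real disk, read the first sector instead of a sample, e.g.
    #   Linux (as root):    open("/dev/sda", "rb").read(512)
    #   Windows (elevated): open(r"\\.\PhysicalDrive0", "rb").read(512)
    for name, mbr in (("good", sample_good()), ("tampered", sample_tampered())):
        print(name, parse_partitions(mbr), check_mbr(mbr, BASELINE) or "OK")
```

Read the sector from a live CD rather than from the infected system, since a rootkit that hooks disk I/O can hand the running OS a clean-looking copy; on Linux `dd if=/dev/sda of=mbr.bin bs=512 count=1` captures it for the check. If only the boot-code hash differs and the partition table is sane, rewriting the boot code (or the whole sector from a trusted copy) is the repair; an overlapping or extra partition entry means the table itself was edited and the disk layout needs a closer look before any rewrite.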
Hey spammers love Christmas!!
Indeed, TDSS is a brute – even a full reinstall of the OS from scratch won’t clean up a system properly owned by it, unless you also reinitialize the drive, starting with a clean MBR.
That said, you won’t get to that point if you follow the precaution of using a non-administrator account for daily use – TDSS does not (yet, to my knowledge) come with any local privilege escalation exploits to hoist itself from a regular user up to admin status. Keep your admin account separate, and use it only for “janitorial duty” – installing software and patches, basically.
dragonfrog
How do you propose functioning day to day in a windows environment as a non-administrator? It’s easy as pie in all other OSs, but windows?
I guess it depends on the OS version and the specific things you need to do as an admin, but for specific programs you can generally just right-click (or maybe it’s shift-right-click) and choose “run as” to run that one program under another ID.
It’s easy as pie in Windows, too. The tools are there: if you need to install a program or change its configuration but are too lazy to log in and out, it’s possible to run a program as administrator while logged into another account. Meanwhile, pretty much all a Windows admin can do that a user can’t is change system settings and make changes to programs (install / uninstall).
oops, replied to the wrong person AND got beaten to the punch. double fail!
How can spam be down, but botnet malware be on the rise?
I always thought distributed spamming was the main thing people used botnets for in the first place.
If they’re not sending spam, what is this new breed of botnet doing with its purloined bandwidth?
The bandwidth is less valuable now – fewer and fewer people get your spam (all the free mail providers have pretty decent filtering now), and more and more people are wise to the stuff and ignore what they do see.
What’s more valuable is the endpoint – more and more people do their banking, buy and sell things with credit cards, and log in to more or less valuable accounts online. If you capture their keystrokes, analyze them for credit card data and username/password pairs, that’s worth plenty of money.
Because spam has been used to track botnets, and subsequently notify owners of those malware-infected computers. “Follow the spam” is an effective strategy to find botnets.
To preserve their valuable botnets, hackers have to refrain from sending spam, or they risk getting their botnets dismantled.
I don’t understand….
Macs are now [cough] “popular enough” to have a relatively prolific trojan and by many accounts that means Macs are FAR LESS SECURE than Windows-based computers…
So, then where, oh where… on earth…. is the TDSS for Mac OS X?
[in snooty voice] I’m sure it has nothing at all to do with the Mac OS X infrastructure at-tawl….
Jesus Fucking Christ, people.
JUST USE LINUX/OSX ALREADY.
Not only are you cheating yourself out of the full use of your computer – in this day and age, running Windows on a web surfing machine is IRRESPONSIBLE TO SOCIETY, in the same way that avoiding useful vaccines is.
Make the switch, you’ll be glad you did. If you have any old broken computer around, that is too slow and/or virus infested to be worthwhile, download an Ubuntu 10.04.2 disc (or xubuntu/lubuntu if less than 1GB RAM), pop it in, turn it on, switch the BIOS to boot from CD first (different computer to computer, but generally not hard to do – it’s the blue settings screen before the operating system loads), wipe the disc and install, and voila – it’ll be like having a brand new computer, in some ways better than a $1,000 Win7 box.
Try it – you’ll like it!
And when you read about armies of botnets, identity theft, financial crimes, keyloggers, etc., etc. … you’ll smile, knowing your free solution reduces your risk of falling victim to these by 99+%.
I was being more or less forced to listen to the Clark Howard radio show at work. He had the gall to actually recommend that people who use online banking buy another PC to use exclusively for online banking. :O
While it is a (somewhat) sound strategy, it made me wonder how many people aren’t even aware that you have a choice. “Free OS” versus “OS in which I pay for antivirus, pay for anti-malware, and am still living in fear of identity theft.”
Tried to put Ubuntu on the laptop. Wifi card won’t work. No web for me.
Built a computer with my kid. Ran out of money and hate Windows anyway. Can’t get online there either.
All Internet solutions look like hardcore computer programming to me. Gave up, went back to Windows. Linux was kinda bogus.
The solutions are out there and are often as simple as download this, open that, enter admin password, done. The issue is that finding the right ‘this’ to download can be a nightmare as you’re relying on the user community for tech support. Getting Ubuntu to work on my Eee PC was a stressful few days; now I can’t see any reason why I would want to go back to Windows.