The TDSS botnet has now arrived in its fourth-generation variant, which is more dangerous. Malware that spreads widely through the Internet and through devices such as flash disks is no longer an application that appears once and then dies. Malware also regenerates, constantly reappearing in new forms and variants that are stronger and more sophisticated. TDL4 is the fourth generation of the TDSS botnet.
The rise of botnet infections, which attack individual computers and also networked computers, causes losses for users. Commenting on this situation, Yudhi Kukuh, Technical Director of PT. Prosperita-ESET Indonesia, said that banishing TDSS/TDL, with all its traps for infecting 32-bit and 64-bit systems, or defeating botnets, is not an easy job.
TDSS, also known as TDSS/TDL or Win32/Olmarik, infects computers and then takes orders from a C&C server. Next, Win32/Olmarik.AVA zombies communicate with each other using Kademlia, a DHT (distributed hash table) peer-to-peer protocol. When a PC is infected by a bot, the computer automatically becomes part of a network, shared with other infected computers and the “Command & Control” (C&C) server, known as a botnet, which has destructive properties.
A botnet will try to take control of a network of several computers along with all the information they hold; the stolen information is then distributed to computers in the network. A botnet does not simply stop working even if only one computer remains while the other computers in the botnet network die.
A botnet network can be weakened by tracking down and shutting off some or all of the C&C servers that send information and instructions to the infected zombie computers. Once a server is shut off, the zombie computers connected to it can no longer send data or act as instructed by the botmaster.
By using the Kademlia protocol, the botmaster can compensate for the weaknesses of the C&C approach, using a shared approach in which each computer acts either as a C&C server or as a zombie, that is, an infected client.
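The contrast drawn in the two paragraphs above, as an added example that is not part of the original article: a simplified model comparing how much of a network can still relay instructions after the same number of nodes is taken down in a centralized C&C layout and in a Kademlia-style peer-to-peer overlay. The function names and the one-contact-per-bucket overlay are assumptions made for illustration (real Kademlia keeps several contacts per bucket).

```python
from collections import deque

def star_topology(n_bots, n_servers):
    """Centralized model: every bot talks only to the C&C servers."""
    servers = [f"cc{i}" for i in range(n_servers)]
    graph = {s: set() for s in servers}
    for bot in range(n_bots):
        graph[bot] = set(servers)
        for s in servers:
            graph[s].add(bot)
    return graph, servers

def kademlia_like_topology(id_bits):
    """P2P model (assumed simplification): one contact per XOR-distance
    bucket, namely the peer whose ID differs in exactly bit i."""
    return {node: {node ^ (1 << i) for i in range(id_bits)}
            for node in range(1 << id_bits)}

def largest_surviving_component(graph, removed):
    """Size of the biggest group of nodes that can still relay to each other."""
    removed, seen, best = set(removed), set(), 0
    for start in graph:
        if start in removed or start in seen:
            continue
        queue, size = deque([start]), 0
        seen.add(start)
        while queue:
            node = queue.popleft()
            size += 1
            for peer in graph[node]:
                if peer not in removed and peer not in seen:
                    seen.add(peer)
                    queue.append(peer)
        best = max(best, size)
    return best

def compare_takedown(id_bits=8, n_servers=3):
    """Remove n_servers nodes from each model and compare what survives."""
    star, servers = star_topology(1 << id_bits, n_servers)
    p2p = kademlia_like_topology(id_bits)
    return {
        "star_after_takedown": largest_surviving_component(star, servers),
        "p2p_after_same_effort": largest_surviving_component(p2p, range(n_servers)),
    }

if __name__ == "__main__":
    print(compare_takedown())
```

In the centralized model every bot is left isolated once the three servers are gone, while the peer-to-peer overlay loses only the three removed nodes and the rest stay connected.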
“In addition, there is an easy way to block botnets on your network. The trick is to have the awareness to activate and regularly update the security systems on computers and network servers,” added Yudhi.