Trendlines: Super Botnet Strikes

Added 25th Aug 2011

Article Highlights

  • The TDL-4 malware has also added technical and economic capabilities to its features list, including some that are out of the ordinary for botnets.

Millions of PCs around the world appear to have been quietly infected by the dangerous TDSS 'super-malware' rootkit as part of a campaign to build a giant new botnet, researchers from security firm Kaspersky Lab have discovered.

Malware and botnets come and go, but TDSS is different. First detected more than three years ago, TDSS (also known as 'TDL', and sometimes by its infamous rootkit component, Alureon) has grown into a multi-faceted malware nexus, spinning out ever more complex and dangerous elements as it evolves.

In recent weeks, Kaspersky Lab researchers were able to penetrate three SQL-based command and control servers used to control the activities of the malware's latest version, TDL-4, where they discovered the IP addresses of 4.5 million PCs infected by the malware in 2011 alone.


If active, this number of compromised computers could make it one of the largest botnets in the world. The TDL-4 malware has also added technical and economic capabilities to its features list, including some that are out of the ordinary for botnets, the researchers say.

Making use of the malware's bootkit design (it infects the master boot record of a PC so that it loads before other programs), TDL-4 attempts to clean rival malware from an infected PC, searching for up to 20 different malware types. This stops other programs from interfering with its activities, and it also hurts the rival operators' commercial activities.
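Because a bootkit of this kind has to overwrite the master boot record to gain control before anything else loads, one defensive check is to baseline the MBR's boot-code region on a known-good system and compare later reads against it. The following is an added example, not code from the article or from Kaspersky Lab; all function names are this example's own, and the two 512-byte MBR images are constructed for the demonstration. The sector layout it parses (446 bytes of boot code, four 16-byte partition entries, and the 0x55AA signature) is the standard MBR layout.

```python
"""
Added example: baseline-and-compare check for a disk's master boot record (MBR).

A SHA-256 of the 446-byte boot-code region is taken while the machine is
known-good; later reads are compared against it. The partition table and the
0x55AA signature are parsed separately so that a legitimate partition edit is
not reported as a boot-code change. The MBR images below are constructed
for this demo, not taken from any real disk.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 446          # offset 0..445 holds the bootstrap code
PART_TABLE_OFF = 446         # four 16-byte partition entries follow
PART_ENTRY_LEN = 16
SIGNATURE = b"\x55\xaa"      # bytes 510..511


def parse_partitions(mbr: bytes) -> list:
    """Return the four partition entries as dicts (bootable flag, type, LBA start, sector count)."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        entry = mbr[off:off + PART_ENTRY_LEN]
        # layout: status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        status, ptype, lba_start, count = struct.unpack("<B3xB3xII", entry)
        parts.append({"bootable": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": count})
    return parts


def boot_code_hash(mbr: bytes) -> str:
    """SHA-256 of the bootstrap code region only (offsets 0..445)."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(mbr: bytes, baseline_hash: str) -> dict:
    """Compare a freshly read MBR against a known-good boot-code hash.

    Returns the verdict, the findings, the current boot-code hash and the
    parsed partition table, so an operator can tell 'boot code changed'
    apart from 'partition table changed'.
    """
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    findings = []
    if mbr[510:512] != SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    current = boot_code_hash(mbr)
    if current != baseline_hash:
        findings.append("boot code differs from baseline")
    return {"ok": not findings, "findings": findings,
            "boot_code_sha256": current, "partitions": parse_partitions(mbr)}


def make_sample_mbr(boot_code: bytes) -> bytes:
    """Build a constructed 512-byte MBR with one bootable type-0x07 partition (demo data)."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    # one entry: bootable, type 0x07, LBA start 2048, 204800 sectors; the other three empty
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 204800)
    table = entry + b"\x00" * (PART_ENTRY_LEN * 3)
    return code + table + SIGNATURE


# Constructed demo images: a "clean" MBR used to take the baseline, and a copy
# whose first two boot-code bytes have been altered.
CLEAN_MBR = make_sample_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c")   # stand-in boot code
BASELINE = boot_code_hash(CLEAN_MBR)
TAMPERED_MBR = make_sample_mbr(b"\xeb\xfe" + CLEAN_MBR[2:BOOT_CODE_LEN])

if __name__ == "__main__":
    for label, image in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(label, check_mbr(image, BASELINE))
```

On a live system the 512 bytes would be read from the raw disk device, which needs administrative privileges, and the baseline hash should be stored off the host so that malware with boot-level control cannot simply update it. Because the check hashes only the boot-code region, a normal partition edit changes the reported partition table but does not trip the baseline comparison.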

"Cybercriminals are trying to future-proof themselves," says Kaspersky researcher Ram Herkanaidu.
