{"id":769,"date":"2011-07-01T23:19:31","date_gmt":"2011-07-01T21:19:31","guid":{"rendered":"http:\/\/cerezo.name\/blog\/?p=769"},"modified":"2024-10-14T14:17:58","modified_gmt":"2024-10-14T12:17:58","slug":"tdss-botnet-is-not-sophisticated-is-antiquated","status":"publish","type":"post","link":"http:\/\/cerezo.name\/blog\/2011\/07\/01\/tdss-botnet-is-not-sophisticated-is-antiquated\/","title":{"rendered":"<span class=\"caps\">TDSS<\/span> Botnet is Not Sophisticated, is Antiquated"},"content":{"rendered":"<p style=\"text-align: justify;\">Propagating mass-media scare-mongering on the <a href=\"http:\/\/blogs.wsj.com\/tech-europe\/2011\/07\/01\/indestructible-botnet-malware-infected-4-5-million-pcs\" target=\"_blank\" rel=\"noopener\">latest piece of malware<\/a> is always a very good resource to fill those blank pages of newspapers.<\/p>\n<p style=\"text-align: justify;\">These days, it\u2019s the turn of <a href=\"http:\/\/www.securelist.com\/en\/analysis\/204792131\/TDSS\" target=\"_blank\" rel=\"noopener\"><span class=\"caps\">TDSS<\/span><\/a>, yet another so-so malware that endures due to the lusers\u2019 blatant incompetence. This so-called <em>indestructible<\/em> botnet features:<\/p>\n<ul style=\"text-align: justify;\">\n<li>Snake-oil crypto: the best crypto! <em>It cures all ailments<\/em>!<\/li>\n<li>C<span class=\"amp\">&amp;<\/span>C through the <span class=\"caps\">KAD<\/span> network (<a href=\"https:\/\/www.torproject.org\/\" target=\"_blank\" rel=\"noopener\">Tor<\/a> is just a misspelled Norse&nbsp;god!).<\/li>\n<li>Cutting-edge <span class=\"caps\">MBR<\/span> infection! 
(it seems the \u201980s was such an obscure period that nothing from that age remains, except a much-much younger Madonna, go figure).<\/li>\n<li><span class=\"caps\">TDSS<\/span> removes other malware, thank you very much: because this has never been attempted before, and, I would say, it\u2019s the easiest way to determine a system has been infected.<\/li>\n<li>A new and <em>very<\/em> <em>innovative<\/em> 64-bit kernel-mode driver: let\u2019s just pretend the first 64-bit viruses were not <a href=\"http:\/\/www.symantec.com\/security_response\/writeup.jsp?docid=2004-052617-2620-99\" target=\"_blank\" rel=\"noopener\">written in 2004<\/a>\u2026<\/li>\n<li><a href=\"http:\/\/www.securelist.com\/en\/analysis\/204792131\/TDSS\" target=\"_blank\" rel=\"noopener\">Other<\/a> <a href=\"http:\/\/www.securelist.com\/en\/analysis\/204792157\/TDSS_TDL_4\" target=\"_blank\" rel=\"noopener\">articles<\/a> <a href=\"http:\/\/www.securelist.com\/en\/blog\/208188095\/TDSS_loader_now_got_legs\" target=\"_blank\" rel=\"noopener\">provide<\/a> a much more detailed view of the evolution of this malware, this being the only thing to note about&nbsp;it.<\/li>\n<li>Last, but not least, I don\u2019t understand how they can claim that the botnet is indestructible when they have been able to reverse engineer the C<span class=\"amp\">&amp;<\/span>C protocol and to send queries to the servers.<\/li>\n<\/ul>\n<p style=\"text-align: justify;\">I wonder when malware will catch up with the already published research from the <a href=\"http:\/\/www.cryptovirology.com\/\" target=\"_blank\" rel=\"noopener\" class=\"broken_link\">crypto-virology<\/a> field. 
It would be wonderful to see a massive botnet, if you understand me, using advanced techniques such as <a href=\"http:\/\/www.cryptovirology.com\/cryptovfiles\/newbook\/Chapter4.pdf\" target=\"_blank\" rel=\"noopener\" class=\"broken_link\">questionable encryption<\/a>, <a href=\"http:\/\/en.wikipedia.org\/wiki\/Kleptography\" target=\"_blank\" rel=\"noopener\">kleptography<\/a> or <a href=\"http:\/\/people.seas.harvard.edu\/~salil\/research\/delegation-abs.html\" target=\"_blank\" rel=\"noopener\">homomorphic encryption applied to delegated computation<\/a>. Then, we would be talking about a really <em>indestructible<\/em> botnet.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Propagating mass-media scare-mongering on the latest piece of malware is always a very good resource to fill those blank pages of newspapers. These days, it\u2019s the turn of <span class=\"caps\">TDSS<\/span>, yet another so-so malware that endures due to the lusers\u2019 blatant incompetence. This so-called indestructible botnet features: Snake-oil crypto: the best crypto! 
It&nbsp;cures&nbsp;[\u2026]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"wp_typography_post_enhancements_disabled":false,"ngg_post_thumbnail":0},"categories":[6,16],"tags":[],"_links":{"self":[{"href":"http:\/\/cerezo.name\/blog\/wp-json\/wp\/v2\/posts\/769"}],"collection":[{"href":"http:\/\/cerezo.name\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/cerezo.name\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/cerezo.name\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/cerezo.name\/blog\/wp-json\/wp\/v2\/comments?post=769"}],"version-history":[{"count":5,"href":"http:\/\/cerezo.name\/blog\/wp-json\/wp\/v2\/posts\/769\/revisions"}],"predecessor-version":[{"id":1643,"href":"http:\/\/cerezo.name\/blog\/wp-json\/wp\/v2\/posts\/769\/revisions\/1643"}],"wp:attachment":[{"href":"http:\/\/cerezo.name\/blog\/wp-json\/wp\/v2\/media?parent=769"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/cerezo.name\/blog\/wp-json\/wp\/v2\/categories?post=769"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/cerezo.name\/blog\/wp-json\/wp\/v2\/tags?post=769"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}