TDSS Botnet is Not Sophisticated, is Antiquated

Propagating mass-media scare-mongering about the latest piece of malware is always a very good way to fill those blank newspaper pages.

These days, it’s the turn of TDSS, yet another so-so malware that endures due to the lusers’ blatant incompetence. This so-called indestructible botnet features:

  • Snake-oil crypto: the best crypto! It cures all ailments!
  • C&C through the KAD network (Tor is just a misspelled Norse god!).
  • Cutting-edge MBR infection! (it seems the ’80s was such an obscure period that nothing from that age remains, except a much-much younger Madonna, go figure).
  • TDSS removes other malware, thank you very much: because this has never been attempted before, and I would say it’s the easiest way to determine that a system has been infected.
  • A new and very innovative 64-bit kernel-mode driver: let’s just pretend the first 64-bit viruses were not written in 2004.
  • Other articles provide a much more detailed view of the evolution of this malware, which is the only thing worth noting about it.
  • Last, but not least, I don’t understand how they can claim that the botnet is indestructible when they have been able to reverse engineer the C&C protocol and send queries to the servers.

I wonder when malware will catch up with the already published research from the crypto-virology field. It would be wonderful to see a massive botnet, if you understand me, using advanced techniques such as questionable encryption, kleptography or homomorphic encryption applied to delegated computation. Then we would be talking about a really indestructible botnet.
