TDSS: Political botnets
Unfortunately (from our point of view), this makes the botnet much more resilient: the configuration information and payload are shared between all the compromised machines, so you can't expect to disable some or all of the network by taking down “master” machines.
There's more technical detail on this latest variant here, but if you'd like more information on TDL in general, here are some resources:
· A paper by Aleks and Eugene on The Evolution of TDL: Conquering x64 (which is being revised to accommodate the new information), and their article for Virus Bulletin on Rooting about in TDSS.
· A series of articles by Aleks, Eugene and myself at Infosecinstitute.com:
o TDSS part 1: The x64 Dollar Question
o TDSS part 2: Ifs and Bots
o TDSS part 3: Bootkit on the other foot
http://blog.eset.com/?s=tdss