From Wikipedia, the free encyclopedia
Jump to: navigation, search

TDL-4 is a highly advanced, fourth generation botnet found worldwide (over a quarter of infected machines are in the US) and the name of the rootkit that runs the botnet (also known as Alureon). Over 4.5 million machines were infected with it in the first three months of 2011, and the botnet continued to grow after that.

It was often by noted by journalists as "indestructible" in 2011, although it is removable with tools such as Kaspersky's TDSSKiller.[1][2] It infects the master boot record of the target machine, making it harder to detect and remove. Major advancements include encrypting communications, decentralized controls using the Kad network, as well as deleting other malware.[3][4]


  1. ^ Herkanaidu, Ram (July 4, 2011). "TDL-4 Indestructible or not? - Securelist". securelist. Retrieved 28 June 2012. 
  2. ^ Golovanov, Sergey; Igor Soumenkov (27 June 2011). "TDL4 – Top Bot - Securelist". Securelist. Retrieved 28 June 2012. 
  3. ^ Reisinger, Don (2011-06-30). "TDL-4: The 'indestructible' botnet? | The Digital Home - CNET News". Retrieved 2011-10-15. 
  4. ^ ""Indestructible" TDL-4 Botnet?". Techno Globes. 2011-07-02. Retrieved 2011-10-15.