Senior threat intelligence analyst
Sean Bodmer enjoys demonstrating and discussing how easy it is for criminals to set up cyber-crime campaigns, from building the infrastructure and choosing infection vectors to assembling better tools capable of infecting billions of systems around the world.
“The most important thing to demonstrate is how easy it is to put together a few tools to make an undetectable product that slips past $100,000 or more security systems,” he said.
“In Q1 2012 the ZeuS DIY kit and TDL-TDSS botnet are the most popular criminal platforms and have features that make them powerful and difficult to mitigate, like peer-to-peer, which helps obfuscate infected victims from security professionals, as there are no direct connections between the victim and the criminal's command and control (C&C) server for updates or when receiving instructions.”
“We’re seeing a trend in which the most powerful criminal tools are becoming widely used, even the cracked (freely available versions) are being utilized by newbie criminals.”
The Tyler Durden Loader (TDL) TDSS (a play on SST) takes 14Mb of your MBR (Master Boot Record). If you delete it from within your OS and reboot, it puts itself right back on your system. Because it operates outside your OS, it is difficult to remove. This criminal bot infrastructure differs from ZeuS in that TDL focuses on leveraging pay-per-install scams, which put money into the hands of third parties in exchange for spreading the TDL gang's own malware, taking the burden of infection off the gang itself.