Internet users who go looking for stolen movies online may end up getting more than they bargained for – a practically “indestructible” form of malicious software designed to give cyber criminals remote control over users’ computers.
This week, researchers at security firm Kaspersky Labs wrote that TDL, a new form of malicious software or malware that they describe as “the most sophisticated threat today,” is spread by paying “affiliates” in exchange for placing an installation package online someplace where users will accidentally pick it up. Kaspersky’s researchers noted that rogue websites are prime vehicles for this kind of abuse:
The way in which the new version of TDL works hasn’t changed so much as how it is spread - via affiliates. As before, affiliate programs offer a TDL distribution client that checks the version of the operating system on a victim machine and then downloads TDL-4 to the computer.
Affiliates receive between $20 and $200 for every 1,000 installations of TDL, depending on the location of the victim computer. Affiliates can use any installation method they choose. Most often, TDL is planted on adult content sites, bootleg websites, and video and file storage services.
TDL is designed to transform machines it infects into a network of “zombies” that can be controlled from afar. In just three months this year, TDL infected 4.5 million computers worldwide, with over a third of those in the U.S. The U.K.’s The Telegraph reports:
"The owners of TDL are essentially trying to create an 'indestructible' botnet that is protected against attacks, competitors, and anti-virus companies," said Sergey Golovanov and Igor Soumenkov, researchers at Kaspersky Labs.
"The [TDL-4] botnet, with more than 4.5 million infected computers, is used by cyber criminals to manipulate adware and search engines, provide anonymous internet access, and act as a launch pad for other malware."
All the more reason to keep rogue sites from reaching U.S. consumers. Stealing movies isn’t worth the risk to American jobs – or the risk to Internet security.