
  • DDoS Attack Definitions - DDoSPedia

    DDoSPedia is a glossary of network and application security terms, with many definitions related to distributed denial-of-service (DDoS) attacks. It provides a central place for hard-to-find, web-scattered definitions of DDoS attacks and tools.


    TDL-4 (Alureon)

    TDL-4 is the fourth-generation version of the well-known TDSS (a.k.a. Alureon) Trojan, which has infected a vast number of PCs around the world. TDL-4 is one of the most active and resilient botnets currently operating. In the first three months of 2011, over 4.5 million computers were infected with TDL-4, 28% of them located in the United States.

    When installed, TDL-4 creates a rogue, encrypted file system in the unallocated space at the end of the infected computer's disk and stores its components there, outside the view of the operating system's own file system. It also bypasses the kernel-mode driver signing requirement of 64-bit editions of Windows by writing itself into the master boot record (MBR) of the system drive: its MBR code runs before Windows does, so it can subvert the normal boot process and load its own unsigned code into the kernel. Once TDL-4 is installed and present in the MBR, it not only disables Windows Update and various antivirus products, but also removes or disables many other known malware families such as Zeus or Optima, both to reduce competition for the machine and to avoid undesirable interactions with such malware. Malware that hides itself and operates at this low level is called a "rootkit"; a rootkit that, like TDL-4, takes over the boot sequence (MBR) so that it loads before the operating system is called a "bootkit".
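    As an added example (not code from the glossary or from any TDL-4 analysis tool), the following Python script performs the two checks a forensic triage of the artefacts described above would start with: whether the boot code in sector 0 still matches a known-good hash, and whether the unallocated space past the last partition holds high-entropy data of the kind an encrypted hidden file system leaves behind. The disk image, the "vendor" boot code and the pseudo-random tail are all constructed inline, and the 7.0 bits/byte entropy cut-off is an assumption.

```python
"""Bootkit triage on a raw disk image.

Added example, not code from the glossary or from any TDL-4 analysis tool. It
checks two artefacts of the kind described above: MBR boot code that no longer
matches a known-good hash, and a high-entropy region in the unallocated space
past the last partition, where an encrypted hidden file system would sit.
"""
import hashlib
import math
import random
import struct

SECTOR = 512
MBR_CODE_LEN = 440          # boot code precedes the 4-byte disk signature at offset 440
PART_TABLE_OFF = 446        # four 16-byte partition entries start here
PART_ENTRY_FMT = "<BBBBBBBBII"  # status, CHS start(3), type, CHS end(3), LBA start, sector count
ENTROPY_THRESHOLD = 7.0     # bits/byte; assumed cut-off for "looks encrypted"


def parse_partitions(mbr):
    """Return (type, lba_start, sector_count) for every non-empty partition entry."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        fields = struct.unpack(PART_ENTRY_FMT, mbr[off:off + 16])
        ptype, lba, count = fields[4], fields[8], fields[9]
        if ptype != 0 and count != 0:
            parts.append((ptype, lba, count))
    return parts


def shannon_entropy(data):
    """Bits per byte: 0.0 for all-zero data, close to 8.0 for encrypted/random data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def triage_image(image, known_good_code_sha256, threshold=ENTROPY_THRESHOLD):
    """Inspect a raw disk image (bytes) and report bootkit-style anomalies."""
    mbr = image[:SECTOR]
    if mbr[510:512] != b"\x55\xaa":
        raise ValueError("sector 0 lacks the 0x55AA MBR signature")
    code_hash = hashlib.sha256(mbr[:MBR_CODE_LEN]).hexdigest()
    parts = parse_partitions(mbr)
    total = len(image) // SECTOR
    # First sector after the last partition; sector 0 itself is the MBR.
    last_used = max((lba + count for _, lba, count in parts), default=1)
    tail = image[last_used * SECTOR:total * SECTOR]
    tail_entropy = shannon_entropy(tail)
    unallocated = total - last_used
    return {
        "mbr_code_modified": code_hash != known_good_code_sha256,
        "partitions": parts,
        "unallocated_tail_sectors": unallocated,
        "tail_entropy": round(tail_entropy, 2),
        "hidden_fs_suspected": unallocated > 0 and tail_entropy >= threshold,
    }


def build_image(boot_code, tail):
    """Construct a 64-sector image: MBR, one 31-sector partition, 32 trailing sectors."""
    code = boot_code.ljust(MBR_CODE_LEN, b"\x00")
    entry = struct.pack(PART_ENTRY_FMT, 0x80, 1, 1, 0, 0x07, 0xFE, 0xFF, 0xFF, 1, 31)
    table = entry + b"\x00" * 48                      # three empty entries
    mbr = code + b"\x12\x34\x56\x78" + b"\x00\x00" + table + b"\x55\xaa"
    assert len(mbr) == SECTOR
    partition = b"\x00" * (31 * SECTOR)               # sectors 1..31, contents irrelevant here
    return mbr + partition + tail.ljust(32 * SECTOR, b"\x00")


# Constructed "vendor" boot code stub (a stand-in for the real one; assumption).
CLEAN_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb" + b"\x90" * 16
KNOWN_GOOD_CODE_SHA256 = hashlib.sha256(CLEAN_BOOT_CODE.ljust(MBR_CODE_LEN, b"\x00")).hexdigest()

# Constructed "infected" boot code and a pseudo-random tail standing in for an
# encrypted hidden file system (seeded so the example is deterministic).
INFECTED_BOOT_CODE = b"\xeb\x58\x90TDL4STUB"
_rng = random.Random(2011)
ENCRYPTED_TAIL = bytes(_rng.getrandbits(8) for _ in range(32 * SECTOR))

CLEAN_IMAGE = build_image(CLEAN_BOOT_CODE, b"")
INFECTED_IMAGE = build_image(INFECTED_BOOT_CODE, ENCRYPTED_TAIL)


if __name__ == "__main__":
    for name, img in (("clean", CLEAN_IMAGE), ("infected", INFECTED_IMAGE)):
        print(name, triage_image(img, KNOWN_GOOD_CODE_SHA256))
```

    On a real system the image would be read from the raw device (for example `\\.\PhysicalDrive0` on Windows, ideally from an offline acquisition so the rootkit cannot filter the reads), and the known-good hash would come from the vendor's boot code. The entropy heuristic is a triage signal, not proof: a disk that was wiped with random data or uses full-disk encryption will also show a high-entropy tail, so a hit should lead to a manual look at the MBR code and the unallocated sectors.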

    Perhaps the most interesting feature of TDL-4 is the P2P network its botnet uses for inter-bot and command-and-control (C&C) communication. TDL-4 bots can communicate with each other and with the C&C servers (of which around 60 have been discovered) over the public Kad P2P file-sharing network, with the traffic encrypted. Dismantling a botnet typically involves taking down its C&C servers, as was done with Mariposa and other large botnets. Because the TDL-4 botnet has both C&C servers and inter-bot communication over a public P2P network, and pairs these with advanced stealth techniques including custom encryption, the loss of its C&C servers does not leave the bots unreachable, which is why many have called it the "indestructible botnet".

  • DDoSPedia Index

    #

    • #OpIsrael
    • #RefRef

    A

    • ADB Miner
    • Admin.HLP
    • Advanced Persistent Attack
    • Amplification Attack
    • Anonymous
    • Apache Killer
    • Application Misuse Attack
    • ARP Poisoning
    • Asymmetric Attack

    B

    • Backdoor
    • BEAST
    • Booster Script
    • Border Gateway Protocol (BGP) Attack
    • Botmaster
    • Botnet
    • Boy-in-the-Browser Attack
    • BrickerBot
    • Buffer Overflow Attack
    • ByteDoS

    C

    • CERT
    • Clean Pipe
    • Clearnet
    • Click Fraud
    • Clickjacking
    • CoAP
    • Command and Control Server
    • Conflicker
    • Cookie
    • Cookie Poisoning
    • Counter-attack
    • Cryptovirus
    • CutWail Botnet
    • CVE
    • Cyber Ransom

    D

    • Darknet
    • Darkness (Optima)
    • DarkSky
    • Dark Web
    • Deep Web
    • Digital Fraud
    • Distributed Denial-of-Service (DDoS) Attack
    • DNS Amplification Attack
    • DNS Flood
    • DoS (Denial-of-Service) Attack
    • DROWN
    • DrDos Attack
    • Duqu
    • Dynamic Web Injection

    E

    • Exploit

    F

    • Flame
    • Flood
    • Forged Cookie
    • FREAK
    • Fraggle Attack
    • Fragmented ACK Attack

    G

    • Guy Fawkes Mask

    H

    • Hacker
    • Hacktivist
    • Hijackware
    • HEARTBLEED
    • High-rate Attack
    • HOIC (High Orbit Ion Cannon)
    • Honeypot
    • Hping
    • HTTP
    • HTTPS
    • HTTPS Flood
    • HTTP Challenge
    • HTTP Cookie
    • HTTP Flood
    • HTTP Fragmentation Attack

    I

    • I2P (Invisible Internet Project)
    • ICMP Flood
    • Impression Fraud
    • Ingress Filtering (InFilter)
    • Internet Pipe Saturation
    • IP Address
    • IP Spoofing
    • IRC (Internet Relay Chat)
    • ISP (Internet Service Provider)
    • itsoknoproblembro
    • Izz ad-Din al-Qassam Cyber Fighters

    J

    • JenX
    • JS Cookie Challenges

    K

    • Keylogging

    L

    • LAND Attack
    • LOIC (Low Orbit Ion Cannon)
    • Low-rate Attack
    • LulzSec

    M

    • MalSpam
    • Malware
    • Man-in-the-Browser Attack
    • Man-in-the-Middle Attack
    • Memcached
    • Mirai
    • Mitigating Controls
    • Mobile LOIC
    • Morris Worm
    • MSSP
    • Multi-Factor Authentication
    • Mydoom

    N

    • Naptha Attacks
    • Necurs
    • Network Scan
    • Nuke

    O

    • Open DNS Resolver
    • Operation Ababil
    • Operation AntiSec
    • Operation Blackout
    • Operation Defense
    • Operation Killing Bay
    • Operation Payback
    • OpIcarus
    • OpIsrael
    • OpKillingBay
    • OpSingleGateway

    P

    • Packet
    • Pandex Botnet
    • Password Spraying
    • Parasiteware
    • Peer to Peer Attack
    • Ping of Death
    • PitbullBot
    • POODLE
    • Port Scan
    • Pushdo Botnet
    • Putinstresser
    • Pyloris

    Q

    No terms currently listed.

    R

    • Ransomware
    • Ransom DDoS
    • Rate Limit
    • RFI/LFI
    • Reflector/Reflective DoS attacks
    • Reflector server
    • Resident Virus
    • R.U.D.Y. (R-U-Dead-Yet?)

    S

    • Scareware
    • Scrubbing Center
    • Session Hijacking
    • SIP Register flood
    • SIP Malformed Attack
    • SIP Server Flood
    • SIP brute force
    • SIP Client Call Flood
    • Slow-Rate Attack
    • Slowloris
    • Smurf Attack
    • Social Engineering
    • SSL
    • SSL Stripping
    • Sockstress
    • SQL Injection
    • SSL Garbage Flood
    • Stabuniq
    • Static Web Injection
    • Stuxnet
    • Supply Chain Attack
    • SYN-ACK Flood
    • SYN cookies
    • SYN Flood

    T

    • Topera
    • Tor's Hammer
    • TOR
    • TCP Flood
    • Trin00
    • TheWikiBoat
    • THC-SSL DoS
    • Traffic
    • Trickbot
    • Trojan Horse
    • TDL-4 (Alureon)
    • TCP Window Scaling
    • Teardrop Attack
    • TLS

    U

    • UDP Flood

    V

    • Vulnerability
    • Vulnerability Scanner

    W

    • WannaCry
    • Wireshark
    • Web Scraping
    • Web Application Security
    • Worm

    X

    • XerXeS

    Y

    No terms currently listed.

    Z

    • Zeus
    • Zero-Day/Zero-Minute Attack
    • Zombie
© Radware Ltd. 2019 All Rights Reserved | Privacy Policy | Feedback |
