
India in super botnet By Sumir Singh
Security firm Kaspersky Lab, as well as its counterparts, agree that TDSS is the most sophisticated botnet ever.
Kaspersky Lab has written about how TDSS uses a range of methods to evade signature, heuristic, and proactive detection, and uses encryption to facilitate communication between its bots and the botnet command and control center. TDSS also has a powerful rootkit component, which allows it to conceal the presence of any other types of malware in the system.
Described as the ‘indestructible’ botnet, it uses an updated encryption algorithm in the protocol for communication between infected computers and the botnet command and control servers. The cybercriminals replaced RC4 with their own encryption algorithm built from XOR swaps and operations. The domain names to which connections are made and the bsh parameter from the cfg.ini file are used as encryption keys.
TDSS even removes rival malware from infected computers.
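The article says the bots protect their command and control traffic with a home-made XOR scheme keyed from observable values (the contact domain and a parameter in the bot's own configuration file). From an analyst's point of view the consequence is that such traffic is not really confidential: anyone holding the sample and a traffic capture holds the key material too, and a XOR stream with a reused keystream falls to a single known plaintext. The following Python is an added illustration of that weakness and is not TDSS's actual algorithm; the key derivation (SHA-256 over domain and parameter, extended with a counter), the domain, the bsh value and the messages are all constructed for the example.

```python
import hashlib

# Constructed sample values for the illustration; not real TDSS domains or parameters.
SAMPLE_DOMAIN = "c2.example.invalid"
SAMPLE_BSH = "sample-bsh-value"


def derive_keystream(domain: str, bsh: str, length: int) -> bytes:
    """Hypothetical keystream derivation (an assumption for this example):
    SHA-256 over domain||bsh, extended with a 4-byte counter until 'length'
    bytes are available. The point is only that the keystream is a pure
    function of values an analyst can read from the sample and its traffic."""
    seed = (domain + "|" + bsh).encode()
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length buffers (truncates to the shorter)."""
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(plaintext: bytes, domain: str, bsh: str) -> bytes:
    """XOR the message with the derived keystream. Because the keystream
    depends only on domain and bsh, every message to the same server is
    encrypted under the same keystream (keystream reuse)."""
    return xor_bytes(plaintext, derive_keystream(domain, bsh, len(plaintext)))


# XOR is its own inverse, so decryption is the same operation.
decrypt = encrypt


def recover_keystream(ciphertext: bytes, known_plaintext: bytes) -> bytes:
    """Known-plaintext recovery: ciphertext XOR plaintext == keystream.
    One recognisable message (a beacon, a fixed header) is enough."""
    return xor_bytes(ciphertext[: len(known_plaintext)], known_plaintext)


def decrypt_with_recovered_keystream(other_ciphertext: bytes, keystream: bytes) -> bytes:
    """Apply a keystream recovered from one message to the prefix of another
    message that reused it; no key derivation knowledge is needed at all."""
    return xor_bytes(other_ciphertext[: len(keystream)], keystream)


def demo() -> dict:
    """Walk through the two analyst observations and return the results."""
    beacon = b"hello bot world!"          # constructed 'known' message
    command = b"another command!"         # constructed second message, same length

    ct_beacon = encrypt(beacon, SAMPLE_DOMAIN, SAMPLE_BSH)
    ct_command = encrypt(command, SAMPLE_DOMAIN, SAMPLE_BSH)

    # 1. Knowing the key material (domain + bsh) decrypts directly.
    direct = decrypt(ct_command, SAMPLE_DOMAIN, SAMPLE_BSH)

    # 2. Even without it, one known plaintext exposes the reused keystream.
    keystream = recover_keystream(ct_beacon, beacon)
    via_reuse = decrypt_with_recovered_keystream(ct_command, keystream)

    return {"direct": direct, "via_reuse": via_reuse, "keystream_len": len(keystream)}


if __name__ == "__main__":
    print(demo())
```

The design lesson for anyone reviewing a protocol, not just for malware analysts: a stream cipher whose keystream is reused across messages, or whose key is derived solely from values an observer can obtain, provides obfuscation rather than confidentiality. That is exactly why a custom XOR construction is not a substitute for an authenticated cipher with per-message nonces.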
More than 5 million computers have been infected. One third of all infected computers are in the USA. India is second on the list of countries that power this botnet. (7/1/2011)