"Damballa researchers believe a new variant of the sophisticated TDL4 bootkit affected over 250,000 victims in the past few months"
Researchers from security vendor Damballa have identified malicious Internet traffic that they believe is generated by a new and elusive variant of the sophisticated TDL4 malware.
The new threat, which has been assigned the generic name DGAv14 until its true nature is clarified, has affected at least 250,000 unique victims so far, including 46 of the Fortune 500 companies, several government agencies and ISPs, the Damballa researchers said in a research paper released Monday.
On July 8, Damballa sensors that operate on the networks of telecommunication operators and ISPs that partnered with the company detected a new pattern of DNS (Domain Name System) requests for non-existent domains. Such traffic suggests the presence on the network of computers infected with malware that uses a domain generation algorithm (DGA). Some malware creators use DGAs in order to evade network-level domain blacklists and to make their command and control infrastructure more resilient against takedown attempts.
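The NXDOMAIN signal described above can be approximated over resolver logs, as in this added example (not code from the article or from Damballa's sensors): it flags clients that receive many non-existent-domain responses for high-entropy names, using a constructed log sample and thresholds chosen here for illustration.

```python
import math
from collections import defaultdict

# Constructed sample of resolver log lines (client, queried name, response code).
# These are made-up values for illustration, not traffic from the article.
SAMPLE_LOG = """\
10.0.0.5 www.example.com NOERROR
10.0.0.5 mail.example.com NOERROR
10.0.0.7 kq3x9zpl1vb7.com NXDOMAIN
10.0.0.7 a8fh2o3kxmwq.net NXDOMAIN
10.0.0.7 z7lmq0wxk2ep.org NXDOMAIN
10.0.0.7 p2v9sk4lqx0n.com NXDOMAIN
10.0.0.7 t6bx8nqw3lzr.net NXDOMAIN
10.0.0.9 typo-of-a-real-site.com NXDOMAIN
10.0.0.9 www.example.org NOERROR
"""

def shannon_entropy(label: str) -> float:
    """Bits of entropy per character of a label; random-looking DGA labels score high."""
    if not label:
        return 0.0
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def parse_log(text: str):
    """Yield (client, qname, rcode) tuples from whitespace-separated log lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            yield parts[0], parts[1].lower(), parts[2]

def flag_dga_clients(text: str, min_nx: int = 4, min_entropy: float = 3.0) -> dict:
    """Return {client: count} for clients with at least `min_nx` distinct NXDOMAIN
    answers whose second-level label has entropy >= `min_entropy` (assumed thresholds)."""
    suspicious = defaultdict(set)
    for client, qname, rcode in parse_log(text):
        if rcode != "NXDOMAIN":
            continue
        labels = qname.rstrip(".").split(".")
        if len(labels) < 2:
            continue
        sld = labels[-2]  # e.g. "kq3x9zpl1vb7" in kq3x9zpl1vb7.com
        if shannon_entropy(sld) >= min_entropy:
            suspicious[client].add(qname)
    return {c: len(names) for c, names in suspicious.items() if len(names) >= min_nx}

if __name__ == "__main__":
    print(flag_dga_clients(SAMPLE_LOG))  # {'10.0.0.7': 5}
```

A single typo lookup (10.0.0.9) stays below the count threshold; on real resolver data the thresholds need tuning against baseline NXDOMAIN rates, since CDNs, typos and misconfigured clients also produce them.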
Continued: http://news.techworld.com/security/3382043/new-tdl4-malware-variant-infects-isps-fortune-500-companies-govt-agencies/
Also: New Iteration of TDSS/TDL-4 Botnet Uses Domain Fluxing to Avoid Detection