Make Money – Sell Viruses? Almost $1 Million Already Paid Out Worldwide

By Ron Benvenisti. More than 4.5 million PCs were infected by “stealth” malware in just three months, making it possible for its authors to install key loggers (which catch everything you type), adware (for advertising undesirable sites), and a host of other malicious programs on the compromised PCs at any time.

The stealth malware, which is known as the “TDSS rootkit”, baffled security experts because of its extensive list of highly advanced features.

It is virtually undetectable by antivirus software.

Its use of low-level instructions makes it extremely hard for researchers to conduct reconnaissance on it.
A built-in encryption scheme prevents network monitoring tools from intercepting communications sent between the control servers and infected machines.

The latest TDL-4 version of the rootkit is also used as a persistent backdoor to install other types of malware.

The kit has infected 4.52 million machines in the first three months of 2011, according to a detailed technical analysis published by antivirus firm Kaspersky Lab. Almost a third of the compromised machines were located in the United States. With successful attacks on US-based PCs fetching premium fees, those behind the infections likely earned $250,000 from the US alone.

It is also able to infect 64-bit versions of Windows by bypassing the operating system’s requirement for drivers to be digitally signed by a trusted source. It affects Windows XP (64-bit), Windows 7 and Windows Vista, as well as Windows Server versions. The latest version is able to propagate unnoticed across Local Area Networks.

This highly invasive malware has so far created an “indestructible” botnet (coordinated automated attack) that is itself invulnerable to attacks, competitive hacks and antivirus companies. While taking over your PC, it targets 20 other competing malware programs on infected machines and blacklists them to prevent them from working properly.

It is particularly insidious because it infects the master boot record of a compromised PC’s hard drive. This makes sure that the malware is running even before Windows is loaded!

Even so, its botnet technique is not completely impervious to surveillance. Like any complex piece of software it does have bugs.

It was via a flaw on its own servers in Moldova, Lithuania and the US that the 4.52 million infections were confirmed.

Every hacker that hosts the “bot” program receives between $20 and $200 for every 1,000 infections they achieve.
