Computerworld - July 18, 2011

Fresh
Insights
New
Trends
Great
Ideas

Botnet Called ‘Practically Indestructible’

The March earthquake and tsunami in Japan were devastating, but the country’s data centers were protected by giant “shock absorbers.”

BUSINESS CONTINUITY

Data Centers Survived Japan’s Quake

SMART CONSTRUCTION and good planning allowed Japan’s data centers to survive the massive arthquake that rocked the country in March, a Japanese data center execu tive said last late month at the Datacenter Dynamics conference in San Francisco.

IT managers in Japan had to grapple with blackouts and shortages of generator fuel, but none of Japan’s data centers was severely damaged or knocked offline by the disaster, said Atsushi Yamanaka, a general manager at IDC Frontier, which operates data centers for Yahoo Japan and other clients.

Modern data centers in Japan are built on giant “shock absorbers” — isolators made from metal and rubber on which buildings “float” while the ground beneath shakes from side to side.

Some data centers also have floorlevel and racklevel isolators, Yamanaka said, and all server racks are secured firmly to the floor. “I see some U.S. data centers with racks just sitting on the floor, and you don’t see that in Japan,” he said.

The shock absorbers are most effective at the building level, Yamanaka said, and some of those at the rack level did not work during the earth quake. Nevertheless, he said, only five server racks were critically damaged in all of Japan’s data centers.

Disaster recovery plans generally went smoothly. Where power was cut off, unin terruptible power supplies and generators kicked in, and companies were quick to order more fuel, Yamanaka said.

– James Niccolai, IDG News Service

A new and improved botnet that has infected 4. 5 million Windows PCs is “practically indestructible,” security researchers say.

TDL- 4, the name for both the bot Trojan that infects machines and the ensuing collection of compromised computers, is “the most sophisticated threat today,” reported Kaspersky Labs researcher Sergey Golovanov late last month.

“[TDL- 4] is practically indestructible,” Golovanov said.

“It does a very good job of maintaining itself,” agreed Joe Stewart, a botnet expert and director of malware research at Dell Secure Works.

Golovanov and Stewart said TDL- 4 has traits that make it extremely tough to detect, delete, suppress or eradicate.

TDL- 4 infects the master boot record of the PC with a rootkit, which makes it invisible to both the operating system and security software designed to sniff out malicious code.

What makes the botnet indestruc-
tible is the combination of its ad-
vanced encryption
and the use of a
public peer-to-peer
network for the
instructions issued to the malware
by command-and-control servers.

“The way peer-to-peer is used for TDL- 4 will make it extremely hard to take down this botnet,” said Roel Schouwenberg, senior malware researcher at Kaspersky.