botnet - ReadWriteWeb
Feed: http://www.readwriteweb.com/feeds/tag/botnet. Copyright 2012 Richard MacManus. Wed, 15 Feb 2012 05:20:00 -0800

More Anti-Blogger Violence in Mexico: This Week in Online Tyranny

Los Zetas kill another "blogger." A body was hung from the same overpass where two bloggers were murdered last month. According to the Houston Chronicle, a sign hung with his body said, in Spanish, "This happened to me for not understanding that I shouldn't report on the social networks."

Representatives of the Nuevo Laredo En Vivo forum denied the person was one of their moderators. One of the previous victims was a moderator there.

Sri Lanka targets dissident websites. On Saturday the Sri Lankan government warned websites to register with the authorities, in an apparent response to the United States' expression of concern over Colombo's blocking of a popular Internet-based dissident publication.

Popular Egyptian blogger's appeal denied, two 15-day detentions. After denying Alaa Abdel Fattah his freedom, and his demand to be tried in civilian court, the Egyptian military decreed two back-to-back detentions of 15 days each. He remains incarcerated on charges of inciting violence of the military. His mother has started a hunger strike to protest his detainment.

Brazil's "cybercrime" bill will inhibit free expression. This bill, currently in the country's House of Representatives, could make it possible for the courts to "apply criminal penalties to activities like file sharing, peer-to-peer communications, and the fair use of copyrighted works."

Anonymous uses DDoS against El Salvador. The Salvadoran government took its Justice Department website offline in response to an attack by the hacker collective Anonymous.

DARPA requests hacker help. The government research agency has issued a call for American hackers to help shore up its cyber-security defenses.

FBI shuts down botnet. With "Operation Ghost Click," the FBI has shut down Esthost, the largest botnet in existence, operating out of Estonia.

Facebook to settle with FTC. The social network is nearing an agreement with the Federal Trade Commission over its misleading shift in privacy settings.

Israeli Knesset bills threaten free speech. The bills defund and otherwise limit the operations of non-governmental organizations in the country, including those that are critical of the government.

Use of Twitter by elite frees foreign reporter in Kyrgyzstan. American photographer Nic Tanner was released from detention in Kyrgyzstan through a combination of friends, friends of friends and Twitter.

"This is not a story of Twitter's ability to galvanize grassroots protests and marshal ordinary citizens to defend just causes. Kyrgyzstan is a place where high-tech social networks meet old-fashioned patronage networks. All those who got in touch were people we knew personally, and people with some clout. "

U.S. government seizes Twitter info without warrant. Adding to its previous warrantless seizure of Google information on Anonymous volunteer Jacob Appelbaum and others, its latest action did the same to Twitter information.

Salman Rushdie vs. Facebook. Facebook buckled in the face of a high-profile campaign by the Anglo-Indian writer to be allowed to use the name by which he is commonly known on his own Facebook account.

Delhi police seek preemptive online taps. India, a standout in the crowd of democracies not terribly fond of hearing their own people speak, has come slightly closer to making certain it doesn't have to. It has proposed setting up a spy agency to eavesdrop on people's Internet and mobile traffic. You know. In case they commit a crime. That should shut 'em up.

U.S. House Judiciary Committee reviews SOPA. The legislation, the Stop Online Piracy Act, is often called the Stop Online Privacy Act by its detractors. A Hollywood-pushed bill, it would make it possible to block whole websites for accidentally hosting copyrighted material. In short, it gives an excess of power to government and law enforcement, which would result in rampant over-reaction and wind up limiting how Americans use the Internet, quite apart from copyright issues. It would also defy precedent and make everyone from ISPs to forum moderators responsible for copyright infringement.

Occupy Wall Street news shared via Storify. Early on in Monday night's raids to shut down the Occupy camp in New York, mainstream media outlets began reporting that the police were barring their reporters from entering the park. Social media, Storify in particular, picked up where the professional media left off.

The use of social media by Syrian protesters. Syria's is among the most violent of the Arab Spring uprisings, the government intractable and the political culture controlled. Syrians are using social media to skirt the suppression of the free flow of information, including mobile.

Overpass photo by Elliot Brown, Colombo photo by Bri

http://www.readwriteweb.com/archives/mexican_cartel_kills_another_apparent_blogger_this.php | TWiOT | Fri, 18 Nov 2011 13:00:00 -0800 | Curt Hopkins
One Botnet to Rule Them All: Kaspersky Labs Finds "Indestructible" Network

Every time a botnet is taken down, another is waiting in the wings to take its place. Each successive iteration of malware-infected networked computers is more sophisticated than the last. Security research company Kaspersky believes it has found one that is almost indestructible.

The TDL-4 botnet is 4.5 million PCs strong. It has some unique features that make it difficult to remove, such as a powerful rootkit and the ability to disable other malware installed on the computer. Those features make the malware difficult to detect and remove, but they are not what makes the botnet indestructible. What makes TDL-4 unique is the way it communicates with its command-and-control center and with other infected computers.

Using Encryption to Hide

Users usually think using encryption to transfer data and messages is a good thing on the Internet. In general, it is (despite the headaches associated with implementing and maintaining HTTPS). TDL-4 turns encryption against security defenders: it swaps in a table used to build outgoing HTTP requests and ultimately connects to the command-and-control server over HTTPS, using Secure Sockets Layer (SSL).

Here is how the Kaspersky team describes the process:

"This table is activated with two keys: the domain name of the botnet command and control server, and the bsh parameter. The source request is encrypted and then converted to base64. Random strings in base64 are prepended and appended to the received message. Once ready, the request is sent to the server using HTTPS."

Here is Kaspersky's breakdown of the 4.5 million infected computers:

[Image: TDL-4 dispersion chart]

Essentially, TDL-4 uses peer-to-peer networking that enables it to hide the command-and-control center and also move the server so that it does not have one centrally-identifiable location. It encrypts the P2P communication, making it nearly impossible to track.

The Malware That Kills Malware

In the wild, only the strong survive. TDL-4 recognizes that it is stronger than its competitors, but also that its competitors' behavior raises the risk of detection.

Botnet malware doesn't want the user to know it is hiding on the hard drive. That means digging deep into the rootkit and kernel of the machine and tricking the rest of the system into believing everything is fine. Yet less sophisticated malware leaves tell-tale signs that it has infected a user's device, such as unusual packet bursts, a slower machine and generally odd performance.

So, TDL-4 kills the competing malware. The malware is a bootkit that accesses the computer's MBR (master boot record). It does this to hide from security programs and extend the malware's life-cycle. The TDL-4 code, known as TDSS, has the ability to delete the most common viruses found on a computer, such as Zeus. It then downloads its own malware, such as "fake antivirus programs, adware and the Pushdo spambot," according to Kaspersky.

Unique Behavior

P2P botnets are on the rise, and their evolution is making the networks harder to track and destroy. TDL-4 uses a unique method: it uses the public KAD P2P network to send and receive queries. This helps the botnet stay decentralized while also acquiring new devices that use KAD to share files and applications.

TDSS also works to "poison" search engine results and advertising networks, creating proxy affiliates that can help download the malware to computers. We will have more on malware using P2P and "search engine poisoning" next week.

http://www.readwriteweb.com/archives/one_botnet_to_rule_them_all_kaspersky_labs_finds_i.php | Security | Thu, 30 Jun 2011 09:16:00 -0800 | Dan Rowinski
Is Your PC Part of a Botnet?

Being part of a botnet is no fun. Your computer becomes your worst enemy, watching everything you do, collecting all of your secrets, and then delivering all that data to the bot-herder, the person who set up the network. But what does it really mean to be part of a botnet, and is there anything you can do about it?

According to a report today from The Associated Press, Internet security company Prevx recently discovered a Web site that was being used as a storage facility for data stolen from 160K infected computers, and the discovery offers an interesting case study.

The storage site was hosted in Ukraine, and its contents showed that the botnet was harvesting data. Information found included passwords, social security numbers, credit card numbers, addresses, telephone numbers and other personal information; quite a treasure chest if you're into identity theft.

"One Southern California 22-year-old could be seen registering a domain name with GoDaddy.com, changing his Yahoo e-mail password and ordering a meal online from Pizza Hut. His credit card number, birth date, telephone number, address and passwords are now all in criminals' hands, though it's unclear what, if anything, criminals have done with the information yet," the AP notes.

But it wasn't just individuals that were targeted. According to the article, both government and bank sites had also been compromised. The Associated Press contacted one bank customer whose Social Security number and other personal details were compromised during the attack, only to learn that he hadn't been notified by the bank.

Determine whether your PC is part of a botnet

So how can you tell if your machine is part of a botnet, and what can you do about it?

Statistically, Macs are safe from botnets, although not completely immune to all threats, as we noted here. But if you have a Windows-based machine, Prevx suggests you stay on the lookout for an Internet connection that seems inexplicably slow when you are online, as it may be that a botnet infection is using your connection to send or receive data.

"If this happens, stop surfing, close your email software (e.g. Outlook) and try and open Task Manager by pressing the CTRL, ALT and Delete keys at the same time then selecting Task Manager," the company wrote on its blog recently. "When Task manager opens click on the Network tab and see if your PC is using the internet network connection, if it shows more than a few percent usage then this could be further evidence of something using your internet connection without your knowledge."

Prevx also suggests downloading and running a second, alternative security product if you are suspicious. "If your PC is infected then it is almost certain that your existing security product has already let you down."

Some of the free tools available include RUBotted (Beta) from Trend Micro and BotHunter from SRI International, or try an online virus scan with the Windows Live OneCare safety scanner.
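A more precise version of the Task Manager check described above, as an added example that is not from the article or from Prevx: it samples interface throughput with Get-Counter and attributes each established outbound TCP connection to its owning process, so unexplained traffic can be tied to a specific program. It assumes Windows 8 / Server 2012 or later (for Get-NetTCPConnection) and an elevated PowerShell prompt so that process image paths are readable.

```powershell
# Added example, not code from the article or from Prevx.
# Assumes Windows 8 / Server 2012 or later and an elevated prompt
# (process paths of other users' processes are hidden otherwise).

# 1. Sample total bytes/sec across all interfaces: five one-second samples.
$samples = Get-Counter -Counter '\Network Interface(*)\Bytes Total/sec' `
                       -SampleInterval 1 -MaxSamples 5
$bytesPerSec = ($samples.CounterSamples |
    Measure-Object -Property CookedValue -Sum).Sum / $samples.Count
"Average throughput over 5 s: {0:N0} bytes/sec" -f $bytesPerSec

# 2. Established TCP connections to remote hosts, attributed to a process.
$conns = Get-NetTCPConnection -State Established |
    Where-Object { $_.RemoteAddress -notmatch '^(127\.|::1$)' }

$report = foreach ($c in $conns) {
    $p = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Process       = if ($p) { $p.ProcessName } else { 'unknown' }
        ProcessId     = $c.OwningProcess
        Path          = if ($p) { $p.Path } else { $null }
        RemoteAddress = $c.RemoteAddress
        RemotePort    = $c.RemotePort
    }
}
$report | Sort-Object Process, RemoteAddress | Format-Table -AutoSize

# 3. Processes worth a second look: no readable path, or an image outside
#    the Windows and Program Files directories, yet holding outbound
#    connections. This is a triage hint, not proof of infection.
$report |
    Where-Object { -not $_.Path -or
                   $_.Path -notmatch '^C:\\(Windows|Program Files)' } |
    Group-Object Process |
    ForEach-Object { "Review: {0} ({1} connection(s))" -f $_.Name, $_.Count }
```

Run it once while idle and once after closing browsers and mail clients; a process that keeps outbound connections and throughput high in both runs is the one to investigate with the scanners listed above.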

For a primer on botnets, take a look at this short video from Symantec.

http://www.readwriteweb.com/archives/is_your_pc_part_of_a_botnet.php | News | Sun, 15 Mar 2009 20:04:59 -0800 | Lidija Davis