The TDL-4 botnet is 4.5 million PCs strong. It has some unique features that make it difficult to remove such as a powerful rootlet exploitation and the ability to disable other malware that is installed on a computer. Those features make it difficult to detect and remove the malware, but that is not what makes the botnet indestructible. The way TDL-4 communicates with its command-and-control center and other infected computers is what makes it unique.

Users usually think using encryption to transfer data and messages is a good thing on the Internet. In general, it is (despite the headaches associated with implementing and maintaining HTTPS). TDL-4 uses encryption against security defenders by swapping the table created for outgoing HTTP requests and eventually converting it to HTTPS using Secure Socket Layers (SSL) to connect to the command-and-control server.

Here is how the Kaspersky team describes the process:

"This table is activated with two keys: the domain name of the botnet command and control server, and the bsh parameter. The source request is encrypted and then converted to base64. Random strings in base64 are prepended and appended to the received message. Once ready, the request is sent to the server using HTTPS."

Here is Kaspersky's breakdown of the 4.5 million infected computers:

Essentially, TDL-4 uses peer-to-peer networking that enables it to hide the command-and-control center and also move the server so that it does not have one centrally-identifiable location. It encrypts the P2P communication, making it nearly impossible to track.

The Malware That Kills Malware

In the wild, only the strong survive. TDL-4 recognizes that it is stronger than its competitors, but also the fact that its competitors' behavior provides a threat to detection.

Botnet malware doesn't want the user to know that it is hiding in the hard drive. That means digging deep into the rootkit and kernel of the machine and tricking the rest of the system that everything is just fine. Yet, less sophisticated malware has tell-tale signs that it has infected a user's device such as unusual packet bursts, slowing of the machine and general odd performance issues.

So, TDL-4 kills the competing malware. The malware is a bootkit that accesses a computer's MBR (master boot record). It does this to hide from security programs and increase the life-cycle of the malware. The TDL-4 code, known as TDSS, has the ability to delete the most common viruses found on a computer, such as Zeus. It then downloads its own malware, such as "fake antivirus programs, adware and the Pushdo spambot," according to Kaspersky.

Unique Behavior

P2P botnets are increasing and the evolution is making it harder to track and destroy the networks. TDL-4 uses a unique method - it uses a public KAD P2P network to send and receive queries. This helps the botnet stay decentralized while also acquiring new devices that are using KAD to share files and applications.

TDSS also works to "poison" search engine results and advertising networks, creating proxy affiliates that can help download the malware to computers. We will have more on malware using P2P and "search engine poisoning" next week.

Although as we reported yesterday, Netflix now surpasses P2P Internet traffic - in North America at least - but this doesn't mean that this isn't a popular avenue by which many people access movie entertainment. Rather than fighting BitTorrent, the makers of The Tunnel are embracing it.

The plot of The Tunnel, according to the film's website:

In 2007 the New South Wales government suddenly scrapped a plan to utilise the water in the disused underground train tunnels beneath Sydney's St James Train Station.

In 2008, chasing rumours of a government coverup and urban legends surrounding the sudden backflip, investigative journalist Natasha Warner led a crew of four into the underground labyrinth.

They went down into the tunnels looking for a story - until the story found them.

This is the film of their harrowing ordeal. With unprecedented access to the recently declassified tapes they shot in the claustrophobic subway tunnels, as well as a series of candid interviews with the survivors, we come face to face with the terrifying truth.

This never before seen footage takes us deep inside the tunnels bringing the darkness to life and capturing the raw fear that threatens to tear the crew apart, leaving each one of them fighting for their lives.

Eek.

You can download the official torrent or find the film in the BitTorrent's new App Studio.

Thankfully, GIftRocket has rebooted the whole process, with a really innovative solution that should please merchants, gift-givers, and recipients alike.

The recipient of the card will receive a message notifying them of the gift, and when they arrive at the location, they can follow the link in the email, allow their phone to confirm their geo-location, and presto - the money is transferred to them, via PayPal.

Sending and receiving a gift via GiftRocket is incredibly easy, and ease-of-use is one of the main things that the company is trying to address. But there are other benefits too: there's no card or certificate to carry around; there's no leftover change on the card; there's no expiration date.

There is, however, a fee to send a card this way - $1 plus 5% of the total of the card. The works out to $2 for a $20 gift card. While most "traditional" gift cards are free, it's worth paying a little bit extra in order to have the convenience of GiftRocket and the completely open selection of merchants where cards can be redeemed.

Giftrocket thinks this will be a boon for small businesses too, most of which don't have gift card programs. Those can cost businesses a significant amount of money, and since Giftrocket actually doesn't require merchants' participation, there are no set-up fees. There's just a snippet of code that, should they decide to do so, businesses can add to their websites to let customers know that their gift cards are "Powered by GiftRocket."

Users will be able to send or receive money from their Serve accounts, which can be funded by a bank account, debit or credit card, or by money from another Serve account. With the new AmEx digital payment system, consumers will be able to make payments via the Serve website, via their mobile phones, and with merchants who accept American Express cards. Accounts will be accessible via Android and iPhone apps and through Facebook.

According to American Express' Dan Schulman, "We intend to quickly evolve the Serve platform by adding new features and functionality as we learn from consumer and merchant experiences. To encourage a broad cross-section of people to experience the benefits and convenience of Serve, we are working with a range of partners to integrate Serve as a payment method and deliver customized offers, and we will waive most consumer fees for the next six months."

Wooing Customers Away from PayPal

The lack of fees might be a good way to lure new customers, but AmEx says those fees won't be high after that initial six month period. Customers will be charged for putting money into their Serve accounts - 2/9% plus a $0.30 per load - and will be charged for ATM cash withdrawals - $2 after one free withdrawal per month.

The move of both Visa and American Express to start offering these P2P online payments is a clear indication that credit card companies are recognizing that online payments are reshaping financial transactions. As both of these giants gun for what has long been PayPal's market, it will be interesting to watch if the competition makes things better for consumers, who will now have more choices in how they can send and receive money online.

According to a study released today by the market research company NPD Group, a market research group, it is. The company contends that since a federal judge ordered that the peer-to-peer site Limewire shut its doors in the fall of last year, that the peer-to-peer filesharing of music - both the number of files downloaded and the number of users of the P2P sites - has declined.

"LimeWire was so popular for music file trading, and for so long, that its closure has had a powerful and immediate effect on the number of people downloading music files from peer-to-peer services and curtailed the amount being swapped," says Russ Crupnick, NPD's entertainment industry analyst.

While the NPD statistics make the actions against LimeWire seem like a win for the music industry, but it's worth scrutinizing the argument closely. LimeWire was used by about 56% of those using P2P services, NPD reports, but that doesn't mean that those users simply stopped file-sharing. After all, while Limewire was shuttered, other P2P sites reported an increased usage.

Furthermore, over that same time period studied in the report - from 2007 to 2010 - a number of new options have become available for Internet users to get their music. Streaming and subscription services like Spotify and Pandora have changed the way that music is consumed online.

The NPD study was gathered from self-reported data, which also makes its findings a little difficult to say much about. But no matter the origin of the data here, it's a bit of a stretch to contend that LimeWire's closure means less piracy. Less file-sharing? Maybe. Less piracy? I'm not sure. Regardless of the accuracy, it's likely we'll see these statistics invoked by those that argue that going after P2P websites is a good move for the music industry.

Visa's announcement includes a partnership with CashEdge and Fiserv, two person-to-person financial transactions companies, which will now have access to VisaNet, the company's payment processing network.

Visa describes cash and check transactions as "inefficient" and indeed, there are many reasons why a move to offer this makes sense for Visa. Yet, despite Visa's leadership as a credit card processing company, it might have a difficult task ahead of it in unseating PayPal as many people's online financial transactor of choice. PayPal, after all, doesn't require you have any credit card, let alone a Visa.

In December, Google said it was taking steps towards "making copyright work better online." Among other things, it promised that "terms that are closely associated with piracy" would no longer appear in autocompletes.

Forbidden from Autocomplete Arbitrarily?

Part of the problem with this new implementation, as TorrentFreak noted when it broke the story, the list of banned terms is "seemingly arbitrary." No version of the word "torrent" will work for instant search - neither the software "uTorrent," nor "BitTorrent," the name of a protocol and a San Francisco-based company. But while the cyberlockers RapidShare and Megaupload are now forbidden, other sites like HotFile and MediaFire are not. Furthermore, you can still find the names of other popular torrent sites, including The Pirate Bay.

TorrentFreak cites a response from RapidShare, who say that "We knew about Google's plans for quite a few weeks now. We embrace that certain search suggestions will not put a wrong complexion on RapidShare anymore, but we are concerned that at the same time the legitimate interests of our users will also be affected."

The company adds that "RapidShare is one of the most popular websites worldwide. Every day hundreds of thousands of users rely on our services to pursue their perfectly legitimate interests. That is why Google has obviously gone too far with censoring the results of its suggest algorithm. A search engine's results should reflect the users' interests and not Google's or anybody else's."

For now, you can still search for torrent information. While your search queries won't autocomplete, the results aren't censored. Yet.

Image credits: TorrentFreak

Flattr lets users "Like" websites and content, but that action is backed with real money. Before this new donation feature was added, the money in your Flattr account was split evenly each month among all the sites you've "flattred." And while you can still use the service that way, you'll also be able to donate a specific amount - a minimum of €2, up to €50. "We think this will take the system to a whole other level beyond just tips," says Flattr's Eileen Burbidge.

As we suggested last month, Flattr's new feature will likely benefit WikiLeaks, as Flattr remains one of the only ways to make a donation to the site now that PayPal, Visa and MasterCard have closed those paths to funding. Beyond the support for WikiLeaks, Flattr has developed a small but thriving network of users: since opening its beta, it has gained 46,056 registered users and has passed more than €114,057 through its peer-to-peer payment system.

If you're still looking for more ways and more things to Flattr, a developer has taken Flattr's API and built Flattr4Android, a tool that will let users scan a QR code off-line. This code is tied to a Flattr account, making it easy for you to submit and flattr content via your mobile phone.

With these changes, Flattr address two things poised to be big trends this year: the growth of mobile money and expansion of peer-to-peer networks.

These clients use the BitTorrent protocol, a peer-to-peer file-sharing protocol that's used to distribute large amounts of data. Rather than downloading a file from a single source, BitTorrent allows users to join a "swarm" of hosts that can upload and download files in pieces.

The company has released additional statistics about the usage of its clients: There are over 20 million daily active users, and the client is downloaded an average of 400,000 times per day. The software is available in 52 languages, and the clients check in from over 220 countries every day.

Although the P2P protocol has long been associated with digital piracy, BitTorrent made a number of agreements with content creators such as Pioneer One and the Yes Men in order to distribute their works.

According to spokesperson Peter Parkes, problems with the Skype network's "supernodes" are responsible - something it may take several more hours to fix.

This explanation certainly supports the cascading failures we reported earlier today, with Skype connections dropping from 21 million to around 1 million (by our accounts here at ReadWriteWeb as, like many remote workers, we scrambled for another communication tool).

Parkes says that it may take hours for new supernodes to be readied, and even longer for other Skype features such as group video calling to be restored.

The news wasn't good for LimeWire back in October when a U.S. District Court judge issued an injunction, forcing the P2P filesharing site to close down both the website and its client. And arguably, things went from bad to worse when a figure named MetaPirate took advantage of the open-source code for the client and recreated a Pirate Edition of LimeWire, causing both the RIAA as well as LimeWire to scramble to track him down. Those meddling kids.

The company had long indicated it planned to launch a music subscription service, but those plans now seem unlikely as well. Considering such a project would require licensing agreements with the very businesses that have sought to shut LimeWire down, that's not really a surprise. Once the world's most-installed filesharing application, this looks to really be the end of LimeWire.

The DNS, or Domain Name System, is one of the foundational elements of the Internet, responsible for translating the numbers in IP addresses to the more human-friendly names. And ICANN, the Internet Corporation for Assigned Names and Numbers, is a nonprofit organization tasked with managing both the IPv4 and IPv6 Internet Protocol address spaces, maintaining the registries of IP identifiers, and managing top-level domain names.

A Distributed Alternative to the Domain Name System

Arguing that "we want the internet to be uncensored," Sunde has formed a group to work on the project, a DNS that would not utilize a centralized root but would instead take advantage of peer-to-peer technology. He writes, "By using existing technology for de-centralisation together with already having a crew with skilled programmers, communicators and network specialists, an alternative system is not far away. We're not going to re-invent the wheel, we're going to build on existing technology as much as possible."

The technology may exist to make a BitTorrent-based alternative possible, but such a system would face a massive uphill battle to provide a viable alternative - in terms of delivering speed and performance, but also in terms of gaining widespread adoption. And as Ars Technica notes, one of the biggest problems will be around the ownership of domain names. "The stakes are high," writes Iljitsch van Beijnum, "even a small fraction of the traffic of a popular site, or even just an interesting search term, can be worth a lot of money. It's hard to imagine that with such high stakes there wouldn't be any abuse of such an open system, or at the very least, widely diverging points of view of what's best."

Despite these obstacles, Sunde's proposal has been met enthusiastically in some circles, which considering the intersection of politics and web technologies over this past week, is hardly a surprise.

In justifying the increase in damages in this ruling, the appeals court said that it had "to a greater extent than the district court, accepted the plaintiff companies' evidence of its losses as a result of file-sharing."

A fourth defendant from the original conviction, Gottfrid Svartholm, was not included in today's verdict as he was absent at the court hearings due to medical circumstances. His case is still pending.

While awarding large damages in these sorts of cases has become common, sentencing people to prison is unusual. Peter Sunde told TorrentFreak that ""They're giving us jail even though it's not the right thing for the 'crime.' It's just to scare people. That's what you did in the 1600s." He indicated that the group intends to appeal today's decision to the Swedish Supreme Court.

One of the entertainment industry lawyers, Monique Wadsted, is quoted in the New York Times as saying "My assessment is that in two years this type of piracy activity will be completely dead." However the court battles, including today's ruling, have yet to impact the ability of The Pirate Bay to stay online.

And now both the RIAA and LimeWire are the trail of "MetaPirate," the person responsible for the Pirate Edition.

The court has now shut down the Pirate Edition site, something that "MetaPirate" will not be able to contest without revealing his identity. And the court has also ordered LimeWire to turn over a variety of documents by the end of today that might point to the person responsible. These include:

(i) a list of all current and former employees of the Defendant who, to Defendants' knowledge, have had possession or knowledge of the private key used to sign the LimeWire SIMPP file in the past year, and (ii) a list of all known LimeWire software developers, programmers, or other employees who, to Defendants' knowledge, would have been capable of excising the features that were removed from LimeWire 5.6 beta before it was redistributed as the LimeWire Pirate Edition.

When the Pirate Edition was released, LimeWire adjusted the announcement on the homepage of its now shuttered site to read that "all persons using the LimeWire software, name, or trademark in order to upload or download copyright works in any manner cease and desist from doing so." And while LimeWire feels the need to appear to be proactive in tracking down the pirated version, MetaPirate said in an interview with Ars Technica that his ability to recreate LimeWire is simply due to the filesharing software being open-source. When asked if MetaPirate was a former LimeWire employee, he responded, "I am an agent provocateur for the RIAA, and you can quote me on that."

Although there are certainly variations between regions, some of the trends the report finds are global: Real-time entertainment dominates data consumption on both mobile and fixed networks worldwide, constituting about 43% of total Internet traffic. And social networking services make up a significant and growing percentage of mobile Internet traffic, doubling in Latin America just over the last eight months.

North America

Real-time entertainment is the largest contributor to data consumption in North America on both fixed and mobile networks, accounting for 43% of peak period traffic on the former and 41% on the latter. This is up from 30% less than a year ago. And as we've reported here before, Netflix alone constitutes more than 20% of downstream traffic during that time-frame.

P2P file-sharing remains popular in North America, but it has seen a dramatic decline on mobile networks. Even so, it still accounts for a whopping 53.3% of upstream capacity on fixed networks. In other words, we leave our PCs on at home for P2P, and don't bother with file sharing on our smartphones.

Latin America

Although Latin America still has a relatively low level of Internet penetration, many new subscribers are opting for mobile, rather than fixed network access. Unlike the North America market, where these two methods of accessing seem to lead to slightly different Internet usage, in Latin America Internet users seem to behave similarly whether they're wireless or wired.

Asia-Pacific

The median monthly data consumption in this region occurring over fixed networks is roughly 12 GB. That's compared with about 4 GB per month in North America.

Europe

The top four applications driving European upstream traffic are BitTorrent (30%), HTTP (23%), PPLive (12%), and Skype (9%). The latter is significantly higher than in North America and the Asia-Pacific, where Skype is roughly 3% of upstream traffic.

Photo credits: NASA Goddard Space Flight Center