SleepyEgg

Researchers at Kaspersky Labs analyzing the 4.5 million-strong Alureon botnet (also known as TDL and TDSS) have branded it "practically indestructible." Law enforcement agencies have had some success recently at disrupting and bringing down botnets, with Coreflood, Rustock, and Waledac all successfully disrupted. The design of TDL's underlying rootkit is going to make similar retaliatory action much harder to pull of.

TDL-4 has been specifically designed to avoid destruction—whether by law-enforcement, anti-virus software, or competing botnets. On installation, TDL-4 will remove other rootkits, an act which both deprives competing operators of income and reduces the chance that the user will notice that their system is behaving strangely and attempt to repair it. The goal of a rootkit is to remain undetected, and that includes noticing that a computer simply isn't behaving correctly.