TDL-4, the latest version of the family, is used (like the others) as a stealthy backdoor installer for malware, and it has some huge advantages over its predecessors. It can now infect 64-bit versions of Windows by bypassing the Windows kernel-mode code signing policy, and it creates ad-hoc DHCP servers on networks, giving it new propagation powers.
Another major step forward for the malware is the ability to use the Kademlia P2P network for communications. This helps keep the rootkit alive if real-world legal action takes down its command and control servers.
TDL-4 is also protective of its control over an infected PC, and does not want to share power. It has its own built-in anti-malware abilities, finding and killing ZeuS, Gbot and Optima malware infestations on the systems it compromises. It even blacklists the addresses of command and control servers used by rival malware.
According to research from Kaspersky Lab, the formidable rootkit compromised 4.5 million PCs in the first three months of the year. Almost a third of those computers were in the United States, the most profitable targets.