Welcome to steves-homepage! Apr 25th, 2024, 8:48pm
TDL-4 rootkit (Read 2129 times)
jrb333
TDL-4 rootkit
Jul 2nd, 2011, 12:56am
 
TDL-4 rootkit is another major upgrade to the notorious TDSS family.
The TDSS rootkit family (also known as Alureon or TDL) is something of an admired worst enemy of security researchers and vendors of anti-virus products. They hide deep in the Windows operating system, using and manipulating low-level instructions to avoid detection by anti-virus suites, and using encryption to protect their communications with command and control servers.

The latest TDL-4 version of the family is used (like the others) as a stealth backdoor installer of malware, and it has some huge advantages over its predecessors. It can infect 64-bit versions of Windows now by bypassing the Windows kernel mode code signing policy, and it creates ad-hoc DHCP servers on networks, giving it new propagation powers.

Another major step forward for the malware is the ability to use the Kademlia P2P network for communications. This helps the rootkit stay alive if legal action in the real world takes down command and control servers.

TDL-4 is also protective of its control over an infected PC, and does not want to share power. It has its own built-in anti-malware abilities, finding and killing ZeuS, Gbot and Optima malware infestations on systems it compromises. It even blacklists addresses of command and control servers used by rival malware.

According to research from Kaspersky Labs, the formidable rootkit compromised 4.5 million PCs in the first three months of the year. Almost a third of those computers were in the United States, the most profitable targets.