More than four million PCs have been enrolled in a botnet security experts say is almost 'indestructible'

The botnet, known as TDL, targets Windows PCs and tries hard to avoid detection and even harder to shut down.

Code that hijacks a PC hides in places security software rarely looks and the botnet is controlled using custom-made encryption.

Security researchers said recent botnet shutdowns had made TDL's controllers harden it against investigation.

The 4.5 million PCs have become victims over the last three months following the appearance of the fourth version of the TDL virus.

The changes introduced in TDL-4 made it the "most sophisticated threat today," wrote Kaspersky Labs security researchers Sergey Golovanov and Igor Soumenkov in a detailed analysis of the virus.

"The owners of TDL are essentially trying to create an 'indestructible' botnet that is protected against attacks, competitors, and anti-virus companies," wrote the researchers.

Recent successes by security companies and law enforcement against botnets have led to spam levels dropping to about 75% of all e-mail sent, shows analysis by Symantec.

SpamThru Trojan uses P2P technology to send commands to hijacked computers and an anti-virus scanner that introduces a never-before-seen level of complexity and sophistication.

Malicious hackers battling for control over an infected system have also removed competing malware by killing processes, removing registry keys, or setting up mutexes that fool the other malware into thinking it is already running and then exiting at start.

But, as Stewart discovered during his analysis, SpamThru takes the game to a new level, actually using an anti-virus engine against potential rivals.

Security researchers are finding more clues of an emerging battle being carried out between the long-running Zeus botnet and newcomer SpyEye, which has been engineered specifically to take over machines that were previously infected by Zeus.