Security researchers at Kapersky Labs have discovered botnet software that uses a range of techniques to remain undetected, making it "practically indestructible".
Computers infected by the software, called TDL-4, fall under control of the botnet's criminal owners and can be used to pump out spam or commit other online attacks.
Communication with the botnet's command and control servers takes place over a public peer-to-peer file-sharing network and is protected by a custom encryption algorithm, making it very hard to track down the botmasters in charge and shut them down.
More than 4.5 million computers running Windows have been infected by TDL-4, but they're unlikely to know it. The malware installs itself in the computer's master boot record, a part of the system that loads before the operating system starts up, hiding it from most anti-virus programs and bypassing Window's security altogether.