Feeds

Evil twins spread zombie plague

Sdbot and Gaobot infections behind most botnets

Build a business case: developing custom apps

The Sdbot and Gaobot malware families are responsible for most botnets worldwide. The two strains were responsible for 80 per cent of detections related to bots during the first quarter of 2007, Spanish anti-virus firm Panda Software reports.

Other culprits, although on a lesser scale, included Oscarbot, IRCbot or RXbot. The widespread abuse of Sdbot and Gaobot to create networks of zombie compromised PCs is due to other factors beyond ease of infection or potency of their code, explains Luis Corrons, technical director of PandaLabs.

"This dominance is not so much due to any special features of Gaobot or Sdbot, but simply because their code is much more widely available on the internet. This means that any criminals that want to make a bot can simply base it on the source code of these threats, making any modifications they choose. Essentially, this saves them a lot of work," he said.

Bots are automated worms or Trojans used by hackers to gain control of computers. Networks of compromised machines under the control of hackers (botnets) are used to send spam, covertly install spyware and adware on compromised machines, or used as a resource from which to launch denial of service attacks, for example.

In 2006, bots accounted for 13 per cent of all new threats detected by PandaLabs. Of those, 74 per cent belonged to the Sdbot and Gaobot families. Bots often spread through emails that use social engineering to trick users into opening infectious attachments or (more commonly) con users into visiting hacker-controller websites that exploit system vulnerabilities to install malware, so-called drive-by-downloads.

Up until recently most bots were controlled through IRC servers, allowing hackers (bot-herders) to hide behind the anonymity of chat servers. Newer-generation bots can be controlled through web consoles using HTTP, making it easier to manage larger networks of compromised systems. "Control through IRC is useful for controlling isolated computers. However, this system is not so useful when it comes to botnets. By using HTTP, bot herders can control many more computers at the same time, and can even see when one of them is online or if the commands have been executed correctly," explains Luis Corrons.

Companies are advised to carry out periodic audits to check that there is no malware hidden on their networks. Panda Software, along with other anti-virus firms, offers a range of enterprise packages designed to keep malware threats at bay. It also runs an automated security audit service called Malware Radar.

On the home front, Panda is launching an awareness campaign featuring easy access to its new online scanning tools via Infectedornot.com. ®

Endpoint data privacy in the cloud is easier than you think

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
Microsoft's Euro cloud darkens: US FEDS can dig into foreign servers
They're not emails, they're business records, says court
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Multipath TCP speeds up the internet so much that security breaks
Black Hat research says proposed protocol will bork network probes, flummox firewalls
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
Plug and PREY: Hackers reprogram USB drives to silently infect PCs
BadUSB instructs gadget chips to inject key-presses, redirect net traffic and more
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
prev story

Whitepapers

7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?