Feeds

Botnets claim 7-fold increase in victims

Are we winning the cybercrime war yet?

Secure remote control for conventional and virtual desktops

Botnets used in banking credential theft and other criminal enterprises made huge gains in 2010, claiming more than seven times as many victims as the previous year, according to a report issued by a security firm that follows the large networks of infected machines.

The dramatic increase was fueled by improvements in DIY botnet construction kits, which allowed internet-based fraudsters to construct new networks that quickly gained traction, the report from Damballa said. As a result, six of the 10 biggest botnets of 2010 weren't in existence the previous year. New infection technology that targets a hard drive's targets a hard drive's master boot record and changes the machine's boot options also played role.

“Throughout the year, the Top 10 largest botnets increased their total share of all bot infected victims,” the report (PDF) states. “At the beginning of the year approximately 22% of observed botnet victims were infected with malware attributed to just ten botnet operators. By the end of the year, this proportion had grown to nearly 57% - more than doubling their share of global botnet victims.”

In the run-up to Christmas week, the total number of unique botnet victims was 654 percent higher than the same population was at the beginning of the year. The average incremental growth throughout the year was 8 percent.

In addition to the release of refurbished Zeus crimeware kit, other DIY kits available in underground forums are marketed under names such as Phoenix, Darkness, BlackEnergy, and Eleonore. The packages allow criminals to quickly build botnets without having to write the code from scratch.

Damballa's report contrasted with the findings of anther Atlanta-based security firm, Secure Works, which was recently purchased by Dell. Secure Works' Spambot Evolution 2011 said botnets that specialize in sending spam largely marked time last year, with fewer new families emerging and only incremental changes in existing ones.

Like the botnets observed by Damballa, many of the spambots described by Secure Works researcher Joe Stewart made vast improvements in concealing the infections. For instance, Rustock, the biggest spam network with an estimated 250,000 zombies, waits as long as five days after taking hold of a system before it begins sending junk messages. Rustock control servers also run a TOR exit node, “likely in an attempt to avoid disconnection by network administrations who might think the abuse is originating elsewhere,” Stewart writes. ®

Intelligent flash storage arrays

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Home Office: Fancy flogging us some SECRET SPY GEAR?
If you do, tell NOBODY what it's for or how it works
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Syrian Electronic Army in news site 'hack' POP-UP MAYHEM
Gigya redirect exploit blamed for pop-rageous ploy
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story

Whitepapers

Free virtual appliance for wire data analytics
The ExtraHop Discovery Edition is a free virtual appliance will help you to discover the performance of your applications across the network, web, VDI, database, and storage tiers.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Business security measures using SSL
Examines the major types of threats to information security that businesses face today and the techniques for mitigating those threats.