The botnet world is booming

Botnet-directed attacks are increasing

The thriving world of botnet attacks continues to demand IT's attention.

With U.S. and South Korean government Web sites hit by distributed denial-of-service (DDoS) attacks this week by a botnet controlled by an unidentified attacker -- North Korea is suspected, however -- the shadowy world of botnets continues to grow unabated.

According to the ShadowServer Foundation, a group sharing information about botnet activity, the number of identified botnets, which started to take off about half a dozen years ago, has grown from about 1,500 two years ago to 3,500 today.

So far the botnet-directed attacks against the United States and South Korea, believed carried out through hidden manipulation of about 50,000 compromised computers using an updated version of an old virus, MyDoom, have done no lasting harm to the many Web sites struck, although the U.S. Federal Trade Commission and the Department of Transportation suffered outages and still is struggling, according to Keynote Systems, which measures and monitors Web site use. And the DDoS botnet episode is ongoing, with more hits expected on South Korean banks and a newspaper, says South Korean antivirus firm AhnLab, which analyzed malware samples associated with the attacks.

It's not just DDoS attacks that are associated with botnets. Botnets are usually specialized, designed for criminal tasks that range from spam distribution; stealing identity credentials such as passwords, bank account data or credit cards and keylogging; click fraud; and warez (stealing intellectual property or obtaining pirated software).

"There's usually a primary purpose to a botnet," says Jose Nazario, manager of security research at Arbor Networks. "There are turf wars out there as criminals are vying for the desktop. They try to kick each other off."

Although botnets come and go, the more successful ones have endured for years as large command-and-control systems operated by shadowy groups that have taken over hundreds of thousands of desktops and sometimes servers.

These botnets are bequeathed names -- usually quirky ones -- by researchers probing them, with the first to identify a new botnet typically getting to name it.

Gammima (gaming password stealer), Conficker (fake antivirus) and Zeus (information stealer), are among what are believed to be the largest, according to security firm Damballa.

But sizing botnets up in terms of actual numbers of compromised computers, under their control as bots (sometimes called "drones") is tough, many experts say.

That's because these numerical counts, typically based on detected numbers of infected machines, are often based on IP addresses where numbers are influenced up or down by network technologies such as network-address translation. And there's constant change.

The irony of Conficker, which has infected an estimated 1 million to 10 million machines and has made attempts to sell fake antivirus to its victims, is that it remains so quiet.

"It's one of the largest botnets out there but currently it's doing nothing," says Nazario, who believes Conficker has infected about 5 million Windows-based computers.

The easiest type of botnet to count seems to be the spam botnets. According to Symantec's MessageLabs division, the top botnet in June was one called Cutwail, which generated more than 45 per cent of all spam worldwide through a botnet controlling about 1.4 million to 2.1 million compromised computers at any time.

But the Federal Trade Commission's shutdown last month of Web hosting firm Pricewert, accused of illegal activities involving botnets and child porn (which Pricewert denies) has disrupted the Cutwail botnet, says Matt Sergeant, chief antispam technologist at MessageLabs.

Cutwail, which exists as two distinct malware versions "is not currently No. 1 anymore," Sergeant says. He predicts that by the end of July, it's likely the No. 2 botnet, Rustock, which had only controlled 4.5 per cent of the world's spam, will jump to about 50 per cent of spam, with Cutwail knocked down, though struggling for a comeback.

The buyers of spam services in the underground economy appear to be switching from Cutwail to Rustock, Sergeant suspects. Both botnets have existed for several years, with their master controllers suspected to be in Ukraine or Russian-speaking countries. Several other researchers see strong ties to Ukraine and Russia in general for all manner of botnets..

Nazario and Sergeant both say prosecuting illegal botnet activity is very difficult across the jurisdictional boundaries of different countries, though they credit the Federal Bureau of Investigation with determined law-enforcement efforts on this front today.

One of the most dangerous botnets out there, by many accounts, is Torpig, which is designed to steal identity credentials, credit cards, bank account and PayPal information, and more.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags botnet

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Ellen Messmer

Network World
Show Comments





TerraCycle Zero Waste Box Pens and Markers Small

Learn more >

Back To Business Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill


I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?