Botnet and zombie computers

by Stephane

Botnets: networks of zombie machines

A botnet is a collection of computers infected with malware and coordinated by a hacker from a control server. It can be used to carry out a number of malicious attacks, such as denial of service, phishing, spam, scams and the distribution of all kinds of viruses. According to one IT security expert, the fight against botnets seems to be bearing fruit in 2010, despite the increase in botnets targeting mobile operating systems.

 

Microsoft’s ninth security report

According to the ninth security report published by Microsoft, botnets were on the rise in 2010. In April and June, almost 6.5 million machines required cleaning after being infected by a botnet. While the United States is the country most affected by zombie networks, South Korea has the highest contamination rate, with 14.6 infections per 1,000 machines analyzed.

 

Popularity of small botnets

According to botnet analysis carried out by researchers, small botnets are more popular and pose a greater danger to the enterprise than large botnets. Of the 600 botnets surveyed, 57% are made up of 100 or fewer zombie machines, while only 5% are made up of more than 10,000 zombie machines. 21% consist of only 100 to 500 zombie machines, and 17% of 500 to 10,000 zombie machines.

 

The hackers controlling the small botnets are not aiming to launch a denial of service attack, but rather to seize users’ personal data. Credit card phishing is probably the most common activity carried out by small botnets.

 

Relationship between spam and botnets

According to one IT security specialist, 77% of spam sent worldwide comes from botnets. Several botnets were dismantled by disconnecting the control server, arresting those responsible and having ISPs notify infected users. As a result, the volume of spam sent during the last quarter of 2010 showed a significant drop.

 

According to a company specializing in IT security, 57% of users who fell victim to botnets in 2010 were linked to the ten largest botnets known to date, including RogueAVBotnet, ZeusBotnetB, Monkif, Koobface, Conficker and others. Nonexistent in 2009, these botnets are gaining in power every day, thanks to the frequency with which they are updated.

 

Significant action against botnets

The battle against botnets is a long-term one. The effects last only if action is taken on an ongoing basis. If a zombie network is disbanded, more powerful ones immediately take its place. A number of countries and Internet service providers have not hesitated to take specific measures. In the Netherlands, for example, a close working relationship has developed between the relevant authorities and the country’s operators. All subscribers infected by malware will be promptly notified. Their Internet connection may be cut if necessary.

 

 
