Microsoft identified the most prevalent pieces of botnet malware on the Web - as well as the country many botnet-controlled computers call home.
Most botnet-infected computers reside in the United
States, according to figures from Microsoft.
In Version 9 of its Security Intelligence Report, Microsoft reported finding
2.2 million computers in the United States
control of botnets
during the second quarter of the year. That figure
represents roughly a third of all the bots Microsoft detected, and
approximately four times more than Brazil,
which had the second highest total at roughly 550,000.
The most prevalent pieces
of botnet malware
detected during the second quarter of the year were
Rimecud, Alureon and Hamweq, all of which witnessed a decline. The fourth most
prevalent however was Pushbot, and detections for that malware increased 24
percent compared with the first three months of the year. Pushbot (also known
as Palevo by Symantec) is a family of malware that spreads via MSN
Messenger, Yahoo Messenger and AIM.
"Botnets are the launch pad for much of today's criminal activity on
the Internet," blogged
, general manager of Microsoft Trustworthy Computing. "In
many ways, they are the perfect base of operations for computer criminals.
Botnets are a valuable asset for their owners-bot herders-who make money by
hiring them out to other cyber criminals to use as a route to market for
cybercrime attacks such as phishing attacks, spam attacks, identity theft,
click fraud and the distribution of scam emails."
, a botnet known as Lethic was responsible for 56.7 percent of
the botnet spam between March and June of 2010, using just 8.3 percent of known
botnet IP addresses.
"Lethic is a closely controlled botnet that uses a custom binary
protocol for C&C [command and control]," the report states. "A
takedown of the Lethic C&C servers in January 2010 disrupted the attackers'
ability to send spam, although they subsequently regained control of the
Spam, of course, is just one activity associated with botnets. Pushbot, for
example, is a malware family based on a kit called Reptile, and is therefore
not a single botnet. As a result, the malware has been associated with a
variety of capabilities, including distributed denial-of-service attacks.
"Over the past several years, cybercriminals have focused their efforts
on monetizing their malicious activities by victimizing computer users,"
said Elias Levy, senior technical director of Symantec Security Response. "Thus,
they target countries that have a high personal net worth, advanced financial
systems that allow the online transferring of funds and those with a lot of
online shoppers. The U.S.
fits that profile quite well."
Security researchers have increasingly turned to botnet takedowns as a way
to fight back. Microsoft took the operators
of Waledac to court
, seeking to take control of 276 Waledac domains.
"Bot herders guard their botnets jealously and invest huge amounts of
time, effort and money in them," Hall blogged. "They spread their
bots by a central command to masses of computer users through malicious
software and user deception. By keeping a low profile, bots are able to
infiltrate computers and devices and can quietly operate in the background,
often undetected for years."