In early August, researchers at LURHQ's Threat Intelligence Group were able to infiltrate a botnet command-and-control center linked to the latest wave of attacks and found a sophisticated spam operation that included the use of a proxy Trojan, forged e-mail addresses and botnet drones.
Holz said some botnets have also been used to install keyloggers and other malware files to steal personal data from an infected user's browser. "Adware installs are the most lucrative but once a herder has a few thousand machines under control, he can sit back and make a lot of money," he said.
"It's pretty standard to see about 7,000 infections per day whenever there's a new exploit. They [bot herders] keep the size of the botnets low on purpose to avoid too much noise," he said. "In this case with the DollarRevenue installations, the owner compromised about 33,000 machines in five days. On the fifth day, he changed the command-and-control server and moved right along," Holz said.

The command-and-control infrastructure is most often an IRC server installed illegally on a high-bandwidth educational or corporate network. A botnet (short for "robot network") is a collection of broadband-enabled computers infected with worms and Trojans that leave back doors open for communication with the malicious attacker.

Michael Sutton, a security evangelist at Atlanta-based SPI Dynamics, said Holz's findings are an accurate reflection of the severity of the botnet problem. "These botnets give attackers tools to do a lot of different things. The goal is to control bandwidth and CPU cycles to make money," Sutton said in an interview with eWEEK.

Sutton, a well-known security researcher who previously worked as director of Verisign-owned iDefense Labs, said botnet-related crime is a "billion-dollar business." "On one side, you have these big advertisers pumping money into the adware business," he said. "On the other side, you have these shady companies with shady affiliate deals, cashing in. I've seen reliable estimates that the business of serving ads via adware is worth $1.6 billion a year. That's a phenomenal industry."
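The two observations above, that the command-and-control server is typically an IRC server and that a herder will move the whole drone population to a new server within days, both show up in network flow data as a cluster of internal hosts talking to the same external IRC endpoint, and then the same cluster switching to a different endpoint. The following script, an added example written for this page and not code from the article or from LURHQ, runs that detection over a constructed flow log. The log lines, the RFC 1918 definition of "internal", the IRC port list and the three-client threshold are all assumptions of the example; the external addresses are documentation ranges standing in for real servers.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample flow log (not from the article): timestamp, src, dst, dport.
# Four internal hosts join one IRC server, then the same four appear on a
# different server a few days later, mirroring the C&C change Holz describes.
SAMPLE_FLOWS = """\
2004-08-02T10:00:01 10.1.4.12 203.0.113.7 6667
2004-08-02T10:00:03 10.1.4.19 203.0.113.7 6667
2004-08-02T10:00:04 10.1.7.33 203.0.113.7 6667
2004-08-02T10:00:06 10.1.9.81 203.0.113.7 6667
2004-08-02T10:00:07 10.1.2.5 198.51.100.20 443
2004-08-02T10:00:09 10.1.4.12 198.51.100.20 443
2004-08-06T09:12:00 10.1.4.12 198.51.100.44 6667
2004-08-06T09:12:02 10.1.4.19 198.51.100.44 6667
2004-08-06T09:12:05 10.1.7.33 198.51.100.44 6667
2004-08-06T09:12:06 10.1.9.81 198.51.100.44 6667
"""

# Heuristic assumptions: classic IRC ports, and "internal" means RFC 1918.
# Bots can of course use other ports, so treat this as one signal, not proof.
IRC_PORTS = {6666, 6667, 6668, 6669, 7000}
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MIN_CLIENTS = 3  # how many distinct internal hosts must share a server before we flag it


def parse_flows(text):
    """Parse whitespace-separated flow records into (ts, src, dst, dport) tuples."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines rather than crashing the run
        ts, src, dst, dport = parts
        flows.append((ts, src, dst, int(dport)))
    return flows


def is_internal(ip):
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def suspected_c2_servers(flows, min_clients=MIN_CLIENTS):
    """Map each external IRC-port server to the sorted list of internal hosts that contacted it,
    keeping only servers shared by at least min_clients hosts (the botnet 'fan-in' pattern)."""
    clients = defaultdict(set)
    for _ts, src, dst, dport in flows:
        if dport in IRC_PORTS and is_internal(src) and not is_internal(dst):
            clients[dst].add(src)
    return {srv: sorted(c) for srv, c in clients.items() if len(c) >= min_clients}


def c2_migrations(flows, min_clients=MIN_CLIENTS, overlap=0.5):
    """Detect a C&C server change: a suspected server seen on a later day whose client
    population overlaps (by at least `overlap`) with a different server seen earlier.
    Returns (old_server, new_server, old_day, new_day) tuples."""
    by_day = defaultdict(list)
    for flow in flows:
        by_day[flow[0][:10]].append(flow)  # group on the ISO date prefix
    seen = {}  # server -> (first day seen, client set)
    moves = []
    for day in sorted(by_day):
        today = {s: set(c) for s, c in suspected_c2_servers(by_day[day], min_clients).items()}
        for srv, cl in today.items():
            for old, (old_day, old_cl) in seen.items():
                if old != srv and old_day < day and len(cl & old_cl) / len(cl) >= overlap:
                    moves.append((old, srv, old_day, day))
        for srv, cl in today.items():
            seen.setdefault(srv, (day, cl))
    return moves


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    for srv, hosts in suspected_c2_servers(flows).items():
        print(f"suspected C&C {srv}: {len(hosts)} internal clients {hosts}")
    for old, new, d0, d1 in c2_migrations(flows):
        print(f"C&C moved {old} ({d0}) -> {new} ({d1})")
```

The fan-in test is what distinguishes a botnet from a single user on a chat network: one workstation on IRC is unremarkable, but a dozen hosts across several subnets joining the same external IRC server within minutes is worth a look. The migration check is cheap to keep running because it only compares client sets, so it also catches the case where the old server goes quiet and a new one inherits the drones.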
Holz's team has seen botnets that control between 10,000 and 25,000 compromised computers, and he says high-profile flaws in widely used applications are "quickly turned into exploits."