Small Botnets Cause Big Security Problems for Enterprises | eWeek

Small Botnets Cause Big Security Problems for Enterprises

Écrit par
Brian Prince
Brian Prince
Sep 29, 2009
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

While massive botnets such as Rustock and Conficker often make headlines, research from Damballa released in September shows many enterprises are under attack by smaller threats they’ve likely never heard of.

After tracking more than 600 botnets over a three-month period, researchers Gunter Ollmann and Erik Wu discovered that most were composed of 100 nodes or fewer. Those smaller botnets represented 57 percent of the total. Twenty-one percent had between 101 and 500 bots; 17 percent had between 500 and 10,000. Only 5 percent consisted of more than 10,000.

Finjan researchers find a botnet controlling over 1.9 million computers. Click here to read more.

“While many people focus on the biggest botnets circulating around the Internet, it appears that the smaller botnets are not only more prevalent within real-life enterprise environments, but … they’re also doing different things,” blogged Damballa’s Ollmann, vice president of research. “And, in most cases, those ‘different things’ are more dangerous since they’re more specific to the enterprise environment they’re operating within.”

Many of the smaller botnets make use of “the popular DIY malware construction kits out there on the Internet,” he noted. Some of those, such as the infamous Zeus Trojan, can sell for as little as a few hundred dollars-but “can often be downloaded for free from popular hacking forums, pirate torrent feeds and newsgroups.”

Ollmann continued, “It looks to me as though these small botnets are highly targeted at particular enterprises (or enterprise vertical [sectors]), typically requiring a sizable degree of familiarity [with] the breached enterprise itself. I suspect that in some cases we’re probably seeing the [handiwork] of employees effectively backdooring critical systems so that they can ‘remotely manage’ the compromised assets and avoid antivirus detection … The problem, though, is that the majority of these ‘freely available’ DIY malware construction kits are similarly backdoored. Therefore, any [employees] using these free kits to remotely manage their network are also providing a parallel path for the DIY kit providers to access those very same systems-as evidenced [by] these small botnets often having multiple functional command and control channels.”

The smaller botnets appear to be “more professionally managed-with botnet masters specifically targeting corporate systems and data within the victim enterprise,” he wrote. Rather than being used for “noisy attacks” such as a denial of service, “they’re often passively monitoring the enterprise network to identify key assets or users” and then going after high-value data.

“The net result is that these smallest botnets efficiently evade detection and closure by staying below the security radar and relying upon botnet masters that have a good understanding of how the enterprise functions internally,” Ollmann wrote. “As such, they’re probably the most damaging to the enterprise in the long term.”

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.