The world's top three biggest botnets in action today
Kevin Spiess - Friday, November 9th, 2007 | 1:44PM (PT)


New botnet found -- potentially one of the world's largest

[Image 1: The world's top three biggest botnets in action today]

What's a botnet? A botnet is a network of computers that have been compromised by malware and have fallen under the partial control of a nefarious person (or people) somewhere. Botnets are used for a variety of purposes. Most often they are used to send out excessive quantities of spam mail. Less often, but more dangerously, they are used to collect people's personal information for criminals.

Botnets are big business for criminals, according to many security specialists. In a recent article from Dark Reading magazine, Tripp Coxx, vice president of engineering for the company Damballa, outlines the largest three botnets in operation today.

The largest botnet today is still the Storm botnet. Storm became the largest botnet ever seen and has "changed the botnet game", according to this recent article. Recent research puts the Storm botnet in control of around 230,000 computers in a typical day. It is a sophisticated creation that infects computers using a combination of worms, rootkits, and trojans, and propagates itself using distributed encrypted communications. This method makes Storm almost impossible to kill, but makes it much easier to trace on such P2P networks as eDonkey and Overnet.

Most users infected by Storm don't know it. It seems to be under the control of a small group of people based in Russia. It is also possible that the 'resources' of the Storm botnet are rented out to interested criminal organizations and parties.

You can read more about Storm from my previous news story here.

The second largest botnet seems to be Rbot. It is a much smaller group of machines compared to Storm: apparently around 40,000 computers a day are under Rbot's control.

Rbot is an "old-school" botnet that uses rootkit malware and spreads over IRC networks. "It's difficult to predict the intent of it. It's a utility bot," said one researcher. "It self-propagates by scanning local networks for exploitable vulnerabilities . . as well as via DDOS attacks and email." Rbot hands almost total control of your computer over to its operators through the use of backdoor programs. A computer infected by Rbot becomes susceptible to keyloggers, having files stolen, and having its anti-virus software turned off, amongst other things. Because of the nature of Rbot's propagation, it is unlikely ever to get very much larger than it is today.

The third largest botnet has been around for a long time and is called Bobax. It controls roughly 24,000 computers a day. Taking advantage of a buffer overflow vulnerability in Windows, Bobax uses backdoor programs to turn infected computers into specialized spam delivery devices. The infection measures network bandwidth and adjusts itself accordingly, in order to send out as much traffic as it thinks it can get away with without being very noticeable. Bobax is "able to tailor spamming so as not to tax the network, which helps [it] avoid detection," according to Damballa.
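The three botnets above share two network-visible traits that a defender can look for: Bobax and Storm turn workstations into direct spam senders, and Rbot takes its orders over IRC. The script below is an added example, not code from the article or from Damballa, that runs over constructed flow records (source, destination, port, bytes) and flags hosts that open SMTP sessions to many distinct mail servers while bypassing the site's own relay, or that talk to an IRC port from a workstation. The relay address, thresholds and sample flows are all assumptions made up for the example.

```python
"""Flag hosts showing botnet-style outbound traffic in flow records.

Added example (not from the article). Each record is a tuple
(src_ip, dst_ip, dst_port, bytes). A workstation that opens direct SMTP
sessions to many distinct mail servers looks like a spam bot in the Bobax
or Storm mould; a workstation talking to an IRC port is worth a look for
Rbot-style command and control. Bobax throttles its sending rate to stay
unnoticed, so the check counts distinct destinations over the window
rather than looking for a bandwidth spike.
"""
from collections import defaultdict

# Constructed sample flow records: (src_ip, dst_ip, dst_port, bytes)
SAMPLE_FLOWS = [
    ("10.0.0.5", "10.0.0.2", 25, 4000),      # normal: mail via the site relay
    ("10.0.0.5", "203.0.113.10", 443, 1200),  # normal: HTTPS browsing
    ("10.0.0.9", "198.51.100.1", 25, 900),    # 10.0.0.9 mails many servers directly
    ("10.0.0.9", "198.51.100.2", 25, 850),
    ("10.0.0.9", "198.51.100.3", 25, 870),
    ("10.0.0.9", "198.51.100.4", 25, 910),
    ("10.0.0.9", "198.51.100.5", 25, 860),
    ("10.0.0.9", "198.51.100.6", 25, 880),
    ("10.0.0.12", "192.0.2.77", 6667, 300),   # IRC from a workstation
    ("10.0.0.12", "192.0.2.77", 6667, 320),
]

# Assumed: the site's one legitimate outbound mail relay.
ALLOWED_MAIL_RELAYS = {"10.0.0.2"}


def find_suspicious_hosts(flows, smtp_dest_threshold=5, irc_ports=(6667,),
                          allowed_relays=ALLOWED_MAIL_RELAYS):
    """Return {src_ip: [reason, ...]} for hosts that trip either check."""
    smtp_dests = defaultdict(set)   # src -> set of non-relay SMTP destinations
    irc_hosts = set()               # sources seen talking to an IRC port
    for src, dst, port, _size in flows:
        if port == 25 and dst not in allowed_relays:
            smtp_dests[src].add(dst)
        if port in irc_ports:
            irc_hosts.add(src)

    findings = {}
    for src, dests in smtp_dests.items():
        # Many distinct SMTP peers from one workstation is the spam-bot signature;
        # the byte count is deliberately ignored because a throttled bot stays small.
        if len(dests) >= smtp_dest_threshold:
            findings.setdefault(src, []).append(
                f"direct SMTP to {len(dests)} distinct servers")
    for src in sorted(irc_hosts):
        findings.setdefault(src, []).append("IRC traffic from a workstation")
    return findings


if __name__ == "__main__":
    for host, reasons in find_suspicious_hosts(SAMPLE_FLOWS).items():
        print(host, "->", "; ".join(reasons))
```

On a real network the relay set and the IRC port list would come from the site's own policy, and the destination threshold should be tuned against a baseline: the point of counting peers rather than bytes is that a bot which paces itself to the available bandwidth, as Bobax does, still has to reach many different mail servers to deliver spam.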

And the situation is far from looking rosy. Damballa's research has led them to the discovery of a new massive botnet that may even rival Storm in size. Tripp Coxx did not want to reveal many details at this point, but had this to say: "We're investigating a new peer-to-peer botnet that may wind up rivaling Storm in size and sophistication. We can't say much more about it, but we can tell it's distinct from Storm."

With the massive amounts of money and power afforded by these big botnets, they will undoubtedly become an even more prevalent problem in the next few years.

Source: Dark Reading

Section: Internet Related

- This news story is archived and is closed to comments now -

Comments:

November 10th, 2007 12:39AM(PT)
tallteen86
Eggghhhh, I wouldn't be surprised if my computer was part of one of the nets (probably Storm)...
November 10th, 2007 7:31AM(PT)
Diablos
It's fairly easy to keep out; Avast, AVG and any standard anti-virus is enough to protect you. It's quite amazing how many people have unprotected computers. More and more people every day are buying computers and then just using them without looking into adding protection or security measures. The PC industry and such needs to raise awareness of these problems. It's currently not doing enough.
November 10th, 2007 1:10PM(PT)
Cillchaoi
Another issue is that many people do not set their software up for proper detection. They just install the software and assume that the defaults are good enough. Further, many do happen to use AVG, Avast, Sophos, and other down-market antivirus packages thinking they will protect them. I have seen all too often thousands of infections that these programs have missed. (The worst was a machine that had over 35,000 infections yet the definitions for the antivirus program were up to date.)

The best protection is a firewall (preferably a hardware firewall/router) and a top-shelf antivirus program (the best is Norton Antivirus), both properly configured.
November 11th, 2007 12:54PM(PT)
DeathMonkey
Good job I format quite often.
November 11th, 2007 2:31PM(PT)
DeltaGorno
I'd recommend any free AV software over Norton, Norton has a habit of infesting your computer and not letting go. In most AV tests Norton barely does better than the free programs anyway, and frankly unless you're an idiot when it comes to email or you download excessive amounts of porn, the free software is more than adequate and doesn't decide that your computer belongs to it and it alone.

If you absolutely must pay for your AV software, Kaspersky is the way forward. Having said that about Norton, if you can get Symantec Corporate from your employer it is frankly superb. Pity their excellence with the corporate software never translates to their commercial software.
November 11th, 2007 3:32PM(PT)
iamjoe56
Delta, I shall warn you now. Cillchaoi is not one to argue with over technical issues. You will be beaten into the ground. I'd suggest backing off now.

But one point I have is that you can BUY the corporate license for Norton for about $40.
November 11th, 2007 4:15PM(PT)
DeltaGorno
Riiiight. I'ma quaking in my boots.
November 11th, 2007 6:26PM(PT)
iamjoe56
Don't believe me? Fine, find out when he gets on. He'll eat you for breakfast.
November 11th, 2007 7:48PM(PT)
Cillchaoi
Deltagorno,

Everyone is entitled to his own opinion but I shall say that, being a professional in this industry and having had to clean computers that were supposedly "clean" according to things such as Kaspersky, I can tell you that none of those freebies out there work as well as Norton. Further, the difference between the Corporate version and the non-corporate has to do with the way that it operates in relation to external entities (e.g. Norton Command Console, servers, etc.). It has nothing to do with the way that the scanning takes place nor how well it detects infections.

Further, yes, there have been some versions (up through 2004) that got corrupted on occasion and took a little while to get out if one wished to upgrade to the new version or put on a lesser program (such as McAfee). However, for those who knew how to do it, the removal took only about 15-20 minutes when it was corrupted (as opposed to 5-10 minutes when it was undamaged). Most of the corruption was due to infections that people told Norton to ignore anyway.

Since the days of NAV 2005, I have not seen any installations that were problematic upon upgrade to a newer version or installation of something else. I cannot say the same about McAfee, though. McAfee gets into the computer and stays there until the computer is reformatted. I have had a number of clients who have decided to go for Norton Antivirus and the only option I had was to hack into the registry to disable McAfee. Attempting to uninstall the program through the control panel did not work (showing McAfee to be a virus itself in my personal opinion).

On another note, many people seem to feel that just renewing the subscription to virus definition updates is the same as buying the new program. Nothing could be farther from the truth, no matter if it is NAV, McAfee, or any other program (purchased or not). One must update the program so as to have it detect the new and different types of infections that exist. Resubscribing without updating allows one only to detect the new viruses that are of the same type that the installed version of the program can detect. For example, back in 2002, worms were very different than they are now. Any antivirus program designed in 2002 would be incapable of detecting a worm designed with 2007 technology.

Now, here is another issue for you: if Norton Antivirus is not the best antivirus package, then why is it the package of choice for the companies and organizations wanting the best security possible for their networks? Having worked for major corporations and for the federal government, I have seen first-hand that they use NAV as opposed to anything else available on the market. Before you try to say anything about pricing, let me say that I know that others have offered lower prices than NAV in the past but still NAV has won out. The reasons for this continued choice are stability, reliability, quality of support, frequency of definition updates, and quality of detection/removal of infections.
November 12th, 2007 6:12AM(PT)
LordShotGun
Sorry, CillChaoi, I have to agree with DeltaGorno. I have used Norton with some success and I agree that it is the best antivirus software.

Only for people like me who don't use the internet for porn and programs, I think freeware is fine.

But, if you're one of those people who use Limewire heavily, then buy Norton.
November 12th, 2007 6:24AM(PT)
Cillchaoi
As I said, LordShotGun, you may have your own opinion. However, as a professional in the field of network security, I can tell you that the facts do not support your opinion. Feel free to do whatever you wish, though.

I personally have gone for years without using antivirus programs on my machines at home and I have avoided getting viruses on them. Does that mean that having no antivirus is as effective as having Norton Antivirus? Of course not. It means only that I am careful about what I am doing. The issue is what is the best antivirus out there to detect infections. Norton Antivirus is the winner hands down.
November 12th, 2007 9:38AM(PT)
LordShotGun
Cillchaoi, just to clear us up, I did say that I agreed with you that Norton is the best.....

Also, I have better than most experience, but compared to people who make a living in your field, Cillchaoi, I have only my opinions.
November 12th, 2007 11:32AM(PT)
iamjoe56
I have only my opinions too. And sadly, I wish my parents would shell out the dough for a copy of NAV. We recently switched over to Avast!. And I gotta say, I HATE IT! It gets in the way of my games, it has caused program files to become corrupted because it scanned them and "removed" a virus. I would much rather deal with NAV than ANYTHING else.
November 12th, 2007 1:06PM(PT)
DeltaGorno
Firstly, Kaspersky is a paid-for AV product. It has a free trial but beyond that it isn't a freebie.

Secondly, there is a difference between Symantec Corporate and Norton: Corporate has a much smaller footprint and a much smaller overhead on running. For an older PC, Symantec won't drag you down with bloat. Though they've made good progress in reducing the bloat; Norton 2003 was god-awful for slowing your PC down, Norton 2008 is reasonably efficient.

Looking at the various AV comparisons (av-comparisons.org for instance) there's almost bugger all difference between the various top AV suites, be it Norton, NOD32, Kaspersky or whatever. Notably the freebies tend to lose out on their polymorphic and heuristic tests, but said programming is a lot more complicated than standard signatures and being freebies their budget is less, so it kinda makes sense they aren't so hot on the unknowns.

It actually surprises me to hear an IT professional recommend Norton to a non-idiot home user. Every IT professional I know warns people who have some computer-savvyness well off Norton. Sour grapes from when Norton infected machines and refused to uninstall? Maybe.

Anyway, as I said unless you really are completely useless at not downloading less-than-savoury material from less-than-legal sites and are a complete muppet when it comes to opening every email attachment, a freebie AV scanner will be sufficient. A small amount of common sense goes a long way to preventing infection.
November 12th, 2007 1:08PM(PT)
DeltaGorno
Um, that would be av-comparatives.org of course. Damned repetition of words.
November 12th, 2007 2:14PM(PT)
iamjoe56
Well. The point remains, Delta, that the government uses it. So it has to have something going for it. And it is a whole hell of a lot better than anything I have tried.
November 12th, 2007 3:40PM(PT)
kspiess
I have not had good experiences with Norton over the last years. I used to fix a great deal of computers for people, and countless times I've seen Norton shut down by various malware.

Currently I'm a big fan of the online scan provided by Trend Micro (house call). It's free and very effective.
November 12th, 2007 4:07PM(PT)
Cillchaoi
Deltagorno,

I shall say that NAV 2003 could be configured to slow down any machine, as can any version of NAV, McAfee, or any other antivirus program out there. By default, NAV was set up to run scans that actually hampered the operation in favor of depth of scan. However, if one was smart and actually read the manual (if he were a non-professional since any professional would know how to properly set the options without reading the manual), he would discover the options that would need to be set to insure that the security was still there but the machine's operation was not compromised. All it took was about two minutes of setting some simple options.

Regarding Norton Antivirus non-corporate and Norton Antivirus Corporate, we were discussing operation. There is no difference between them save for the way it interacts with the machine on which it is installed and how it updates. Corporate edition typically depends on a local server to push out the new definition files and program updates as it receives them instead of going out to an external Symantec website to get the updates. Additionally, it interfaces with the command console so that virus scans can be triggered from remote at any time. Also, instead of scans being skipped (as they are when the machine is turned off at the scheduled scan time), the scans will take place as soon as the machines are turned on in the Corporate environment.

As for the website in question, not knowing much about who they are or how well they keep their software versions up to date (and considering that they say on their "About Us" page that they are university graduate students rather than professional software evaluators or others who have bona fide credentials), I do not put much faith behind their results. Further, any testbed can be designed to favor one set of candidates or another. What matters is real-world results. Having seen real-world results consistently over the past 18 years that I have operated my business, I have not seen anything that has been as consistently successful as Norton Antivirus.

As for Kaspersky, whether it is paid or not does not matter. It is a cut-rate product that is no better in the real world than McAfee, Sophos, AVG, Avast, or countless others.

I will agree with you on one point: avoiding infection to a great degree depends on using some common sense. However, the problem is that most computer users do not understand the common sense considerations when it comes to computer use or Internet use. For example, I run into plenty of people on a regular basis who think that just because they do not leave their web browser or other Internet-related programs running, they do not need to worry about their broadband-attached computer being infected by worms or viruses. Also, I meet many who think that no antivirus software is needed just because they don't download anything from the Internet. They do not realize that websites can install infections themselves. You may be one who realizes this but you are by no means in the majority in the world overall.
November 13th, 2007 3:37PM(PT)
DeathMonkey
Personally I've never liked any program that I just can't right-click in the task bar and close. Norton does that to my experience and has way too many pop-ups when I'm simply trying to play a game. Kaspersky on the other hand did the job for me just as well and can be turned off when I'm going to run a demanding game.
November 13th, 2007 7:37PM(PT)
iamjoe56
Good point, Monkey. I [by my parents' choice] must put up with Avast!. It never shuts down. :-|

it uses almost no CPU time, but it does slow things down, I am sure.
It also interfered rather badly with my copy of BF2.
November 13th, 2007 8:31PM(PT)
Cillchaoi
As for Norton Antivirus, it can be deactivated easily by right-clicking with options to disable it for 15 minutes, 1 hours, 2 hours, 3 hours, 4 hours, or until system restart. However, you can also set it up so that you do not need to mess with it at all for any game that you play by setting the program to "Allow All" in the Norton Antivirus options.

As I said before, Norton Antivirus is very simple to set up and use if one either reads the manual or is an experienced professional and understands how it operates.
November 13th, 2007 9:02PM(PT)
iamjoe56
What Cillchaoi is trying to say is that he is smart enough to use it, and we aren't. (laugh)
November 14th, 2007 8:15AM(PT)
DeathMonkey
Bah, I could use it if I wanted to >.> I just find it intrusive. I haven't had an anti-virus on my computer in quite a long time now, and I'm not sure if it's Vista doing a good job or I've simply been avoiding problems, but I haven't had any problems in that time.
November 14th, 2007 1:34PM(PT)
huntyr
I've had the displeasure of using Norton as well. While it's true you can disable it for a period of time, Norton still sometimes activates and it's damn near impossible to actually get off your system. To me a good AV package is non-intrusive and should appear to be invisible. Norton is such a hog you really can't do much while it protects you.
November 15th, 2007 6:36PM(PT)
Cillchaoi
Once again, I will say that if one sets up the software correctly, there is little notice that it is actually installed and doing its job. Further, as far as having problems removing it, I shall say that I have had problems with 3 installations out of the 1000 or so that I have done in the past three years. (I checked my logs to verify these numbers.) Those problems were found to have been caused by people telling Norton to ignore certain infections rather than to remove them. In those three cases, I downloaded a utility from Symantec to remove the corrupted version of Norton Antivirus in a matter of minutes. The download is small enough to fit onto a floppy and goes out to remove all traces (i.e. files and registry entries) of the previous version so that it can be reinstalled or something else can be installed in its place.

Now I will say one other thing and that is that no antivirus program that is worth using will actually be non-intrusive because it does need to scan certain things for it to be able to do its job. How you have it configured is what makes the difference. If, for example, you have it configured to scan every file as it is opened, then the running of programs will be very very slow since that means that every executable, every .dll, every configuration file, and so forth will be scanned as the system opens them to run the program in question (such as MS Word). Testing that type of configuration on my system, I found that opening MS Word 2007 took over 5 minutes instead of about 5-6 seconds. This is part of the reason for the option of "SmartScan." It goes out and checks only the files that can potentially be infected by viruses. Why bother to scan a .cfg or .txt or even a .jpg file? They cannot carry anything that would infect the computer.

The inability to set up the software to operate correctly does not mean that the software is bad. It means only that the user is lacking the knowledge to configure it to work the way he desires. If that is the case and the user is not willing to read the manual to learn how the settings affect the operation, then that is his own fault, not that of Symantec.
November 23rd, 2007 7:05AM(PT)
craig
Norton, whilst you claim it to be excellent, is in fact a terrible product.

They bundle it with every possible machine, and you know what users do, don't you! Click ignore, disable it, half uninstall the thing as they get too many popups.

We are talking about the larger scheme of things. Many people love the idea that they can tell their PC to turn off, and it cuts the power out automatically! And you expect these same people to configure a piece of software that is about as far removed from user friendly as you can get.

No, they tend to install AVG, accept all the defaults, and at least have some kind of protection (not to mention system performance).

Norton in its pre-installed form is the equivalent of bricking up all your windows when you want to just close the curtains.

Try Secret Maker, an alternative product (not AV), very good as well; you can lock so much down with this app, yet it gets so annoying you delete it, remove it, ignore it or whatnot.

THE BEST ANTIVIRUS OUT THERE IS THE ONE THAT DOESN'T NEED SPECIAL CONFIGURATION, HAS ABOUT TWO BUTTONS, WHICH THEY NEVER NEED TO CLICK!
November 26th, 2007 12:21PM(PT)
DeathMonkey
Yeah, that's good for people who don't really know what they are doing.
November 26th, 2007 12:58PM(PT)
Cillchaoi
Craig,

Actually, it is McAfee that is most commonly bundled with machines and which causes problems. I have seen only a very small number of machines that actually put in Norton Antivirus with their software bundles of late. The reason for this is that McAfee, being as pathetic as it is, cannot maintain its market share if it competes on the same ground as Norton Antivirus: quality for the price. Thus, they make deals with manufacturers (look at Dell as a prime example) to give them the software for little to no cost. That gets their software out there and affects the manufacturers' costs minimally. They also know that most people will just renew their subscriptions rather than actually go through the trouble of going out and getting the newer, better software, so it is a way for McAfee to make money without having to do much at all.

As for your claim that the best antivirus out there is one that you do not need to configure, if that is truly what you believe, then you are delusional. Every good antivirus program will need to be configured to the user's preferences. Some want more protection at the cost of performance while others want to feel like they are getting some form of protection but are unwilling to sacrifice much performance at all. Having worked in this industry as a certified professional (with thirteen certifications at this point) and business owner for the past 18 years, I have seen a number of antivirus programs that people have used and I have found them each to be lacking in one way or another. Norton Antivirus was not always as good as it is now. As I mentioned in a previous post, NAV 2002 was extremely problematic. The advantage that Symantec has over the other companies, though, is that they learn from their mistakes and correct them. I haven't seen that happen with other companies, especially McAfee.

Now I shall say that many people confuse Norton Antivirus and Norton Internet Security (which includes NAV). I have never recommended NIS nor will I ever recommend it to anyone who has a broadband connection. The best protection to use in the case of broadband connectivity is NAV and a hardware firewall. NIS is a nuisance as you must answer one question after another when trying to run a program that tries to reach out to the Internet. Further, it does bog down a system's performance. The same is true with McAfee's package. Unless you have a dial-up connection and, thus, cannot use a router, do not get anything other than Norton Antivirus.

For people who do not know what they are doing, I definitely recommend the new version of Norton Antivirus: NAV 2008. It is very clean, very easy, and requires very little configuration (even less than 2007) to get the best detection. If you don't want to mess with it (or you don't know what the options are despite the fact that you have the manual right in front of you), then you needn't do so. The default protection is good enough for many home users.
