December 3, 2007
Panda Security warns that although the bot infection rate declined during 2007 from 3.46% to 2.25%¹, high-profile, financially motivated botnets continue to cause significant damage, as exposed by the recent botnet crackdown in New Zealand².
The botnet took control of an estimated 1.3 million computers and was used to embezzle £12.1m.
Bots remain the most dangerous malicious code picked up on the internet, despite a steady decline during the second and third quarters of 2007.
“Botnets continue to grab headlines because of their massive scale and impact. The botnet crackdown in New Zealand is only the tip of the iceberg. The majority of people with compromised computers do not even know their computers are being used for criminal activity. They themselves may not be financially affected but their computers are used to steal saleable personal data from others, or simply act as relays for spam and phishing”, said Dominic Hoskins, Panda Security UK.
Bots are operated by organized international cyber-crime groups and remain at the heart of botnets, which are considered one of the most lucrative e-crime business models at the moment.
Bots first reach computers in emails that use social engineering and exploit system vulnerabilities. They then get installed silently and operate for long periods until they turn computers into zombies that become part of a larger network.
Dominic Hoskins said: “There is an underground market for renting bots to send spam or install spyware or adware and a zombie spam server will go for as little as £250”.
Botnets also flood websites with data to knock them offline. The launch of the iPhone, for instance, was exploited by a botnet made up of over 7,500 zombie computers. In effect, users of infected computers were taken to a spoof “official” iPhone page and had their bank details exploited.
Bots have evolved over the last year, and the way they are controlled is changing too. Until now, most of them have been controlled through IRC servers, which was useful for controlling isolated computers and allowed attackers to send orders while hiding behind the anonymity of chat servers. Now, bots can be controlled through Web consoles using HTTP, which makes it possible to control many computers at the same time and to check if and when computers are online and whether commands have been executed correctly.
Bots are best prevented by security solutions that rely on proactive technologies, but companies are also strongly advised to carry out additional periodic online security audits³.
¹ Source: PandaLabs. Bot infection rate:
JANUARY 2007: 3.46%
FEBRUARY 2007: 3.43%
MARCH 2007: 3.58%
APRIL 2007: 3.28%
MAY 2007: 3.37%
JUNE 2007: 2.74%
JULY 2007: 2.32%
AUGUST 2007: 2.51%
SEPTEMBER 2007: 2.48%
OCTOBER 2007: 2.33%
NOVEMBER 2007: 2.25%
² Source: Bloomberg.com http://www.bloomberg.com/apps/news?pid=20601081&sid=aJga1tAIS7zM&refer=australia
³ Panda Security offers Malware Radar, the first exhaustive and automated online security audit service. Malware Radar relies on a new Collective Intelligence approach managed by PandaLabs. Collective Intelligence is based on exhaustive remote, centralized, and real-time knowledge about malware and non-malicious applications maintained through the automatic processing of all scanned elements. The Collective Intelligence approach provides the ability to maximize malware detection capabilities, while at the same time, minimizing the resource and bandwidth consumption of protected systems. One of the main benefits of this approach is the automation of the entire malware detection and protection cycle, including collection, analysis, classification and remediation. Collective Intelligence provides visibility and knowledge into the processes running on all of the computers scanned. This broad visibility of the community -- in addition to automation -- is what delivers the ability to tackle not only the large volumes of new malware, but also targeted attacks.