Botnets Took Control of 12 Million New IPs this Year

by Kim Zetter, Wired

Botnet criminals have taken control of almost 12 million new IP addresses since January, according to a quarterly report (.pdf) from anti-virus firm McAfee. The United States has the largest number of botnet-controlled machines, with 18 percent of them based here.

The number of zombie machines represents a 50-percent rise over last year.

Researchers attribute the explosion to botnet controllers trying to recoup spamming abilities after authorities took down a hosting facility last year that catered to international firms and syndicates involved in spamming and botnet control.

Researchers estimated that spam levels dropped about 60 percent after the hosting facility was closed. Last year at this time, an average of 153 billion spam messages were sent per day, while numbers in March this year show that the rate was on average about 100 billion messages per day. But researchers say the spam numbers will return to normal as criminals rebuild their networks of captured computers.

“The question is not whether spam will return to previous levels, but rather when it will return,” the report says. “There is data regarding new zombie and botnet creation that suggest the time may not be too far in the future.”

In terms of the numbers of zombie machines by country, China came in second after the United States, with about 13 percent. After this, the numbers dropped precipitously to 6 percent in Australia, 5.3 percent in Germany and 4.7 percent in the United Kingdom. Russia, where many cyber criminal syndicates are based, accounted for only 2.5 percent of the compromised computers.

But botnets aren’t only used for spam. A separate report was issued this week (.pdf) by researchers at the University of California at Santa Barbara who spent 10 days in control of the so-called Torpig botnet and observed 70 gigabytes of data being stolen from computers remotely controlled by the botnet, including financial data. The harvested data included 1.2 million Windows passwords and 1.2 million e-mail items, such as e-mail addresses and log-in credentials.

“In ten days, Torpig obtained the credentials of 8,310 accounts at 410 different [financial] institutions,” the researchers write. “The top targeted institutions were PayPal (1,770 accounts), Poste Italiane (765), Capital One (314), E*Trade (304), and Chase (217).”

Torpig’s malware attacks e-mail clients and other applications to record every keystroke entered by a victim, including passwords before they’re encrypted. The purloined data is uploaded every 20 minutes in bundles sent to the botnet’s controllers.

The botnet is controlled by the Mebroot rootkit, which “takes control of a machine by replacing the system’s Master Boot Record (MBR),” the researchers write. “This allows Mebroot to be executed at boot time, before the operating system is loaded, and to remain undetected by most anti-virus tools.”
