Botnets Continue their Rise

Monday, January 5, 2015 @ 04:01 PM gHale


Bad guys operating botnets registered more command and control (C&C) servers this past year than they did in the previous year, researchers said.

In total, 7,182 IP addresses served as a C&C server at some point during the year, 525 more than in 2013, according to the report from Spamhaus. That is a 7.88 percent increase.


Spamhaus tracks down email spam and maintains lists of the IPs the unsolicited messages originate from. These lists are used on email servers and by Internet Service Providers (ISPs) to cut down on spam delivered to users.

The organization also manages a Botnet Controller List (BCL), with the specific purpose of providing other entities with the means to protect their users. The BCL consists of IPv4 addresses that can be blocked without fear of affecting legitimate traffic, since they point to no legitimate services.

The report said the botnet controlling addresses were dispersed across 1,183 different networks and hosted on compromised web servers.

As per Spamhaus’ data, most of the C&C servers this year were in the OVH network in France, which hosted 189 of them.

The organization's top 20 also includes networks in other countries, with Russia topping the list at 278 command and control servers distributed over four networks. The Netherlands was also a major host country, with four networks hosting 265 C&C servers.

As for the malware families infecting computers, Spamhaus lists the ZeuS banking Trojan at the top of the list, followed by Citadel. Both of them have been on the radar of law enforcement and security researchers, who joined efforts in dismantling the networks of infected machines.

In third place is the Asprox malware, specifically designed for recruiting new machines for the botnet of the same name. Its operators often rent it to cybercriminals who distribute different pieces of malware.

Other malware families included in the report from Spamhaus are Dyre (also known as Dyreza), Shylock (which law enforcement officials already targeted), Tinba (which emerged as the smallest banking Trojan), Vawtrak (also known as Neverquest) and Geodo.

For 2015, the outlook on botnet activity is not optimistic: cybercriminals will continue to resort to infecting large numbers of computers in order to achieve their financial goals.


