Life of a Botnet: Growth in Spurts

Tuesday, March 12, 2013 @ 03:03 PM gHale

Botnets come and botnets go and some just chug along on their merry way delivering spam and malicious emails to the masses on a daily basis.

But the good news is McAfee’s latest threat report found there is a continuing decline in global messaging botnet infections. Having said that, the report also found there are occasional new spikes.

Botnet Thriving after Six Years
New RAT in Beta
RAT Looks Innocent, but it Attacks

Bobax (alias Kraken), Donbot, Grum, Fivetoone, and Rustock are just shells and are effectively dead, while the numbers from the report show the Bagle botnet is also on the way out.

Festi, Cutwail, Lethic, and Maazben are still out there, doing damage, but they are also in decline, the report said.

Finally, the botnets that are now growing are Darkmailer, Waledac, Slenfbot, and Kelihos.

“Darkmailer is a spam tool first released in 2003. Each month for three years a small number of senders has been systematically detected by our sensors. In January 2013, we saw a dramatic increase in senders–suggesting a possible evolution in its spamming technique,” McAfee researchers said.

Waledac and Kelihos, which researchers said have the same author for the malware, have suffered hits by law enforcement agencies.

But that has not stopped their botmasters who continue to fight to bring them back. In the case of the Waledac botnet, the Polish CERT has partially stopped the botmasters’ efforts to use the Virut botnet to build a new Waledac.

Slenfbot is an IRC bot family known since 2008, and its recent proliferation is partially due to its distribution mechanism: Links dropped in messages via chat, instant messaging applications and Facebook.

Leave a Reply

You must be logged in to post a comment.