The Worst Botnets of 2012

November 15

Part of business continuity and disaster planning is avoiding disasters, if at all possible. Anybody connected to the internet faces threats from malware, viruses, and more. Cyber-criminals want your information and you must keep it safe.

Each computer infected by botnet malware is known as a bot; once several networked computers are infected, they form a full-fledged botnet. A hacker can use the software to command and control all of the infected units, and then use those to spread the malware to other machines or steal information from any of the infected devices.

For business continuity efforts to work, it’s important to understand the various threats you face so you can plan against them. With that in mind, security firm Kindsight released their list of the top ten worst botnets of 2012. Let’s take a look at Infoworld’s analysis of these top offenders so that we know which have been stopped, and what those that are still at large are doing.

Grum: Responsible for 18 billion spam messages per day. Grum was shut down in July.

Lethic: Responsible for 28% of all spam, you’ve likely encountered some of its spam in your email box.

Festi: Following Grum’s shut down, Festi infected 250,000 unique IP addresses.

Cutwail: Has launched distributed denial-of-service (DDoS) attacks against hundreds of websites.

Zeus: An estimated 944 Zeus command and control (C&C) servers are in use today. These servers allow cybercriminals to use a built-in control panel and a builder to create executables that infect victim computers and steal banking information and other sensitive data.

SpyEye: Designed to steal consumer banking data. An estimated 278 SpyEye C&C servers are in operation.

Citadel: Based on Zeus’ original code, Citadel is unique because of the network of criminals using it. Developers have created a social network allowing users to report bugs and even suggest new features. 2012 has seen a 20% increase in Citadel Trojan attacks.

ZeroAccess: Currently the fastest growing botnet, ZeroAccess has gone from 1 million to 2 million super nodes globally. ZeroAccess is primarily used for ad-click fraud, in which a victim’s computer is instructed to repeatedly click pay-per-click ads on a website, raising the total amount of money the advertiser must pay the site owner.

TDL-4: This botnet removes competing malware, hides from detection and installs a master boot record. The newest variant of TDL-4 has infected approximately 250,000 unique victims.

Flashback: Infected hundreds of thousands of Mac computers last spring. Flashback primarily collects passwords to sites like Google and Paypal, allowing cybercriminals to take over victims’ accounts. As of last April, it had infected 10 percent of home networks with Mac computers.

You can avoid many of the above threats by having strong passwords, using firewalls, avoiding malicious websites, and installing anti-virus and anti-malware software. There are a lot of free software options for Windows computers, such as Microsoft Security Essentials, and there are a handful of options for Mac as well. Free software will not offer the protection you can get from paid software, but it is still much better than nothing, so be sure to do what you can to protect yourself from these threats.