Damballa Unveils Top Ten Botnets of the US

Security firm Damballa says that both the activity and size of botnet in the US are surging, reported cio.com on July 22, 2009.

Security experts at the firm state that botnet attacks are rising with gangs of cybercriminals using hacked systems to circulate spam, commit click fraud, engage websites in denial-of-service attacks and steal confidential details.

Zeus Trojan is reported to be the most malicious botnet that has compromised 3.6 Million systems in the US. This Trojan makes use of key-logging techniques for stealing sensitive data like passwords, usernames, credit card numbers as well as account numbers. In order to steal user credentials, it injects bogus HTML forms into online bank login pages.

Koobface virus is the second most malicious botnet. It is estimated that this malware has infected overall 2.9 Million computers. It spreads through social networking websites Facebook and MySpace with phony comments or messages from "friends". When a user is lured into clicking a given link for viewing a video, he is prompted to get a necessary update, such as a codec, but the fact is that it is a malware that acquires control over the user's PC.

TidServ is ranked No. 3 in the list of most malicious botnet as it is behind compromising 1.5 Million computers in the US. Spam e-mail is the medium through which this downloader Trojan propagates. It makes use of the rootkit technique to run in some of the common Windows facilities or in Windows safe mode. The Trojan can hide most of the Windows files as well as registry entries.

Fourth, fifth and sixth positions are occupied by Trojan.Fakeavalert, TR/Dldr.Agent.JKH, and Monkif respectively that infected 1.4 Million, 1.2 Million and 520,000 computers in the US in the same order.

Hamweq stood seventh by compromising 480,000 computers in the country. This, in turn, is followed by Swizzor that compromised a total of 370,000 PCs. Gammima, standing at the ninth position, compromised 230,000 systems in the US. Interestingly, it is the same worm that infiltrated the International Space Station during last year's summers.

And lastly, tenth position is backed by Conficker worm that is also called Kido or Downadup. It was responsible for compromising total 210,000 US PCs.

Related article: Damballa Says, 2008 will be year of Targeted Attacks and Botnet

» SPAMfighter News - 8/6/2009