Damballa Releases List of 10 Leading Corporate Botnets
On February 17, 2010, the security company Damballa disclosed the ten leading botnets attacking the corporate networks in 2009.
As per the list, Zeus botnet was one of the rampant botnets to hit corporate in 2009, estimating for almost 20% of total bot infections. The Trojan is chiefly known for stealthily acquiring users' online banking details as well as other financial data.
Koobface made its entry thrice in the list - with Koobface.B accounting for 15% of the new botnet attacks within the corporate networks in 2009, Koobface.D appeared with 5% and Koobface.C accounted for 4%. The security researchers claimed that Koobface was able to efficiently influence social networking platforms and capture the victim's accounts to infect the way between systems, thereby breaching millions of innocent hosts.
Appearing at the third position, ClickFraudBotnet, estimating for 9% of attacks in 2009, is the only botnet run by a criminal team that aimed at sophisticated click-fraud assaults and carried out their activities within the corporate networks. The team employed several different kinds of malware, belonging to different malware families. Unlike many other large-scale botnet infections, they did not belong to a single family of malware- e.g. Conficker, Zeus, Koobface, etc. In fact, several malware they used do not have any anti-virus names. Also, they have not been detected by any of the present anti-virus products.
SpamFraudBotnet followed ClickFraudBotnet, estimating for 8% infections. It also targeted the enterprise systems to do their bidding for monetary gain, instead of stealing anything from the attacked enterprises.
Vice President of research for Damballa, Gunter Ollmann, stated that enterprise bots are particularly precious for spamming and click fraud purposes as they come with IP addresses having good reputation, which indicates that they can easily get through anti-spam gateways using IP reputation filters, reported Dark Reading on February 17, 2010.
The research also shed light on the fact that the four leading botnets estimated for half of total botnet infections affecting enterprise networks in 2009. MonkifBotnetA (8%), KoobfaceBotnetD (5%), TidservBotnet (5%), MonkifBotnetB (4%), KoobfaceBotnetC (4%), and ConfickerBotnetA (4%) were the others to follow in the top 10 list.
Related article: Damballa Says, 2008 will be year of Targeted Attacks and Botnet
» SPAMfighter News - 23-02-2010