SpyEye Leads Botnet in First Half of 2011
Although DIY crimeware kits like Zeus and Neosploit still top the malware landscape, SpyEye scored the highest during the first half of 2011, Damballa reports in its survey, as published by eWeek on September 7, 2011.
In Damballa's ranking, the botnet operation built with the well-known SpyEye do-it-yourself (DIY) construction set took the top position in 2011, up from 10th place in 2010.
The report further revealed that 8 of the top 10 botnet operators used off-the-shelf kits, and altered the code or even integrated them with new kits over time, to run such campaigns.
According to Damballa, the top 3 botnets alone accounted for about 25% of the infected population, whereas the top 10 botnets together accounted for only approximately 56% of all botnet-compromised victims. Last year, the top 10 listed botnets accounted for only 47%.
Cyber criminals have been honing their skills in using crimeware that can be repurposed for multiple scam opportunities in 2011, remarked Gunter Ollmann, Vice President of Research for Damballa. However, the multiple scam opportunities point to selling or leasing the crimeware to other criminals, which is reason enough for the successful infiltration of the mobile space, reported MarketWatch on September 7, 2011.
Moreover, Damballa Lab also found in its Advanced Threat Report survey that the most popular TLDs (.com, .info, .net, .org and .biz) take spots in the top 10 of TLDs most abused by criminals.
Over the years, cyber criminals have come to favor particular TLDs. Factors behind this preference include registrars' responsiveness to external takedown requests, the enforcement and verification of registrant details, and the ease of registration. The aggregate result is still that some TLDs are more frequently abused than others.
However, the biggest surprise is the presence of the Indian ".in" ccTLD in the top 10 list. The .in ccTLD has already been a leading focus of abuse in the recent past as the origin of many C&C servers.
Damballa Lab also included hijacked Android devices in its survey. Over a period of six months in 2011, the number of hijacked Android devices engaged in live communications with illegal operations reached a significant level.
» SPAMfighter News - 17-09-2011