Gaobot and Sdbot Widely Offer Their Codes for Bots

A bulk of bot related detections can be associated to the twin botnet families, according to a recent research. The Gaobot and Sdbot families of botnets were behind the generation of 80 percent of bots during the first quarter of 2007, Software Company PandaLabs report disclosed. Other bot culprits responsible, though on a lower intensity, comprised of Oscarbot, RXbot or IRCbot.

Bots are trojans or automated worms that place themselves on compromised PCs to carry out certain malicious actions automatically. They turn the computers into zombies and use them to send out masses of spam. Botnets, which are networks of bot-infected computers, are now a lucrative model for cyber criminals.

Sdbot and Gaobot's preferences are not as much for their special characteristics as their widely available codes via the Internet. Thus any criminal intending to create a bot can use the code as the source to base his threats, thereby saving a lot of effort on his part. Of course he can make the desired modifications to the code according to his choice, said Luis Corrons, technical director of PandaLabs, in his company press release. PR Newswire published the press release on April 11, 2007.

In 2006, there were 13 percent of bot detections from the total new threats with Sdbot and Gaobot networks generating three quarters of them.

Until now, IRC servers controlled most of the bots that enabled attackers to commandeer instructions while keeping themselves anonymous behind chat servers. But now web consoles employing HTTP code are more successful in controlling bots.

Truly enough, IRC is appropriate to control individually isolated computers whereas HTTP is useful when bot herders want to control a larger number of computers simultaneously. It also helps to notice when one computer goes online or if there is proper execution of commands, Corrons added.

To prevent bot risks, it is essential for businesses and consumers to deploy proactive security solutions that can detect those bots without the need for their previous identification, Luis Corrons concluded.

In a recent report by software developer ESET, the company indicated that botnets were the most prevalent malware during March this year.

» SPAMfighter News - 4/20/2007