CnC Servers within Botnets Increased During 2014, Reports Spamhaus

Spamhaus, the agency that since 1998 has been garnering as well as revealing details about spammers, lately published a report highlighting how cyber-criminals owning and running botnets have added a relatively more count of CnC servers during 2014, thus published softpedia.com dated December 31, 2014.

It is further highlighted that botnets' objectives are now different from those of the past when botnets were mainly utilized for distribution of spam. But today, these are used for filching financial and banking details, carrying out click-fraud as well as launching DDoS assaults along with other sinister operations.

Spamhaus discovered that a total of 7,182 Internet Protocol addresses had at least once in 2014 acted like a CnC system, a number higher than during 2013, with a 7.88% rise.

As per the report, botnets manipulating IPs had been spread across 1,183 separate networks while their hosts were hijacked web-servers. Spamhaus through its data shows that majority of the command-and-control (CnC) systems, during 2014, were placed within France-based OVH network that supported 189 of the same.

Other nations too have networks that are ranked on a list of the biggest twenty that Spamhaus compiled, with the maximum networks in Russia wherein 278 CnC systems are dispersed across 4 networks. Another predominant country Holland has 4 networks as well with 265 CnC systems.

Meanwhile, there's also mention of malicious programs in the report. Zeus along with other malware designed with Zeus source code that got leaked, as well as KINS and Citadel had been found maximally involved with identified bot-herders. The mentioned malware strains help in hijacking financial transactions over the Internet. Nevertheless, the list also included malware that supported click-fraud and spam.

During 2014, botnet command and control domains counting 3,793 existed created solely for hosting botnets. The number, however, doesn't include domains obtainable from non-chargeable subsidiary domain services or domain-names that have been compromised.

The country-based domains and top-level domains (TLDs), which bot-herders most heavily misused during 2014 were .su, .ru, .com, .info and .net.

As for domain registrars that bot-operators prefer, several companies resorted to have been enormous; consequently, there's possibility of botnet domains getting leaked online.

» SPAMfighter News - 1/9/2015