2010 saw a dramatic increase in cyber crime and targeted botnet attacks, and at its peak around Christmas, the total number of unique botnet victims was 654 percent greater than the victim population at the beginning of the year, according to a new report.
“Prior to 2010, many people thought in terms of spam and DDoS whenever the term ‘botnet’ was discussed,” said Gunter Ollmann, vice president of research, Damballa. “By the end of the year, botnets such as Mariposa, Aurora, Koobface and Stuxnet had become household names – revealing the breadth of crime commonly being facilitated with remotely controllable bot agents.”
Damballa’s “Top 10 Botnet Threat Report – 2010” found that of 2010’s 10 largest botnets, six did not exist in 2009 and only one (Monkif) was present in the previous year’s list of 10 largest botnets.
The dubious honor of ranking first went to TDLBotnetA, a botnet that claimed 14.8 percent of all unique infected victims in 2010. It has been associated with the TDL Gang – a crime ring known for its advances in master-boot-record rootkit technology and its commercially available DIY botnet construction kit, Damballa said.
RogueAVBotnet and ZeusBotnetB ranked second and third, respectively, followed by Monkif, Koobface.A, Conficker.C, Hamwek, AdwareTrojanBotnet, Sality and SpyEyeBotnetA.
The significant spike in botnet infections has been linked to the rapid evolution of the many botnet DIY toolkits and the increased access to exploit packs, Damballa said. Another factor in the growth of botnet infections, according to Damballa, was that cyber crooks became more proficient at installing bot agents on behalf of botnet operators.