SecurityWeek

Top 10 Botnet Threat Report for 2010 Released by Damballa

Damballa Inc. today released its “Top 10 Botnet Threat Report – 2010” at the RSA Conference in San Francisco. The report reveals a dramatic increase in Internet crime and targeted botnet attacks. At its peak in 2010, the total number of unique botnet victims grew by 654 percent, with an average incremental growth of eight percent per week.

“Prior to 2010, many people thought in terms of spam and DDoS whenever the term ‘botnet’ was discussed,” said Gunter Ollmann, vice president of research, Damballa. “By the end of the year, botnets such as Mariposa, Aurora, Koobface and Stuxnet had become household names – revealing the breadth of crime commonly being facilitated with remotely controllable bot agents.”

The eight-page Damballa report reveals that many new botnets were discovered in 2010. Some highlights include:

• Of the Top 10 largest botnets in 2010, six did not exist in 2009, and only one (Monkif) was also present in the 2009 Top 10.

• The biggest botnet of 2010 (a botnet associated with the TDL Gang) rose dramatically to international attention in the second half of the year, claiming nearly 15 percent of all unique infected victims in 2010.

• The Top 10 largest botnets in 2010 accounted for approximately 47 percent of all botnet-compromised victims, down from 81 percent for the 2009 Top 10. This decrease was not unexpected, as the number of new criminal botnet operators increased, as did the average number of botnets owned and managed by each botnet master.

• Of the tens of millions of infected systems identified in 2010, Damballa ascertained that more than 35 percent of the unique infected IP addresses were simultaneously victims of two or more different botnet campaigns.

Damballa suggests that the substantial growth in observed botnet infections reflects the following:

• The second half of 2010 saw the rapid evolution of many popular botnet do-it-yourself (DIY) construction kits and the increased availability of feature-rich browser exploit packs.

• Cybercriminals providing specialized malware distribution services became more proficient at installing bot agents on behalf of their customers (i.e., botnet operators).

• The last quarter of 2010 was heavily influenced by the rapid growth of botnets utilizing the TDL master-boot-record (MBR) rootkit technology.

• Damballa developed and deployed multiple new command-and-control detection technologies that increased its ability to detect additional categories of stealthy botnet deployments.

The report notes that, whether using well-known techniques or the latest in armoring and deception, botnets continue to dominate the cyber threat landscape. With malware that can be repurposed, botnets that can be rented, and new and attractive targets in the proliferation of smartphones and mobile devices, 2011 will be a challenging year for enterprise security teams and service provider network abuse professionals.

The full report is available here (Direct PDF Download)
