The Top Threats Behind Today's Baddest Botnets
Ever wonder about the threats behind some of today's most buzzed-about botnets? Lavasoft Malware Labs has pieced together a list of the top infections that put users in danger of becoming part of a botnet, so you can take a closer look at these threats. If you're an Ad-Aware user, you can rest easy: these threats are detected by Ad-Aware, and the family name for each threat in Ad-Aware's Detection Database is listed below.
1. Conficker
Lavasoft Family: Win32.Worm.Downadup
Conficker, also known as Downup, Downadup and Kido, is a worm that first surfaced in late 2008, when it began exploiting a vulnerability in the Windows Server service (MS08-067, patched by Microsoft in October 2008); later variants also spread through removable drives via Autorun and through network shares protected by weak passwords. The botnet of infected machines is thought to number several million PCs (estimates range from 3 to 12 million). Some reports speculated that on April 1, 2009, when the malware was scheduled to begin checking for updates, it would activate and damage millions of machines. April 1 passed quietly, but the threat posed by Conficker remains: the botnet can download and run whatever payload its controllers choose, which is what lets its creators use it for profit. Note that patching MS08-067 closes only the network vector; the removable-drive vector has to be blocked separately by disabling Autorun.
2. Kraken/Bobax
Lavasoft Family: Win32.Worm.Bobic
According to industry experts, the main purpose of the Bobax botnet, also known as Kraken, appears to be to run a large-scale, automated spamming network. Users infect themselves by opening an e-mail attachment that is really an executable: Windows hides the file's true extension by default, so a file such as photo.jpg.exe is shown as an ordinary image file. Estimates put the number of infected machines at about 400,000, and the botnet is reportedly able to send out up to 500,000 spam messages a day. [1]
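The hidden-extension lure described above is easy to check for on the receiving side, before a user ever sees the attachment. The following Python is an added example written for this article, not Lavasoft's code or Ad-Aware's detection logic. It flags two things Windows hides by default: an image extension followed by an executable one (with or without whitespace padding to push the real extension off-screen), and executable content behind an image extension, judged by the file's leading bytes. The attachment names and header bytes in SAMPLES are constructed for the example and are not real malware; the extension lists are an assumption about what a filter should treat as executable.

```python
"""Detect e-mail attachments that pose as images but are executables."""
import re

# Assumed policy lists: extensions Windows will execute on double-click,
# and image extensions commonly used as bait.
EXEC_EXTENSIONS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js", "cpl", "hta"}
IMAGE_EXTENSIONS = {"jpg", "jpeg", "gif", "png", "bmp"}

# Leading byte signatures from each image format's own specification,
# and the "MZ" signature that every Windows PE executable starts with.
IMAGE_MAGIC = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "bmp": (b"BM",),
}
PE_MAGIC = b"MZ"


def split_extensions(filename):
    """Lower-cased extension chain of a name: 'Holiday.JPG.exe' -> ['jpg', 'exe'].
    Whitespace is removed first, so padding inserted to hide the final
    extension ('photo.jpg        .scr') does not split the chain."""
    parts = re.sub(r"\s+", "", filename).lower().split(".")
    return parts[1:] if len(parts) > 1 else []


def displayed_name(filename):
    """Approximate what Explorer shows with 'Hide extensions for known file
    types' on: the final extension is dropped, so 'photo.jpg.exe' is
    displayed as 'photo.jpg'."""
    head, sep, _tail = filename.rpartition(".")
    return head if sep else filename


def detect_image_disguise(filename, data):
    """Return a list of reasons the attachment looks like an executable
    posing as an image. An empty list means nothing suspicious was found."""
    reasons = []
    exts = split_extensions(filename)
    real_ext = exts[-1] if exts else ""

    # 1. Name checks: an image extension earlier in the chain with an
    #    executable extension last, and whitespace padding before the
    #    final dot.
    if real_ext in EXEC_EXTENSIONS and any(e in IMAGE_EXTENSIONS for e in exts[:-1]):
        reasons.append("image extension followed by executable extension %r" % real_ext)
    if re.search(r"\s{3,}\.", filename):
        reasons.append("whitespace padding before the final extension")

    # 2. Content check: a file claiming an image extension must start with
    #    that format's signature; an MZ header there is a PE executable.
    if real_ext in IMAGE_EXTENSIONS:
        if data.startswith(PE_MAGIC):
            reasons.append("PE executable header (MZ) behind image extension")
        elif not data.startswith(IMAGE_MAGIC[real_ext]):
            reasons.append("content does not match %s signature" % real_ext)
    return reasons


# Constructed sample attachments: a few header bytes are enough for the
# signature checks. None of this is real malware.
SAMPLES = {
    "beach.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
    "beach.jpg.exe": b"MZ\x90\x00" + b"\x00" * 16,           # classic hidden-extension lure
    "beach.jpg                        .scr": b"MZ\x90\x00",  # padding pushes .scr off-screen
    "party.gif": b"MZ\x90\x00\x03\x00",                       # PE bytes behind a .gif name
    "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 8,
}


def scan(samples=SAMPLES):
    """Return {filename: reasons} for every sample that is flagged."""
    flagged = {}
    for name, data in samples.items():
        reasons = detect_image_disguise(name, data)
        if reasons:
            flagged[name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in scan().items():
        print("%-42r shown as %-20r -> %s" % (name, displayed_name(name), "; ".join(reasons)))
```

The name check alone would miss an executable simply renamed to party.gif, which is why the content check is there; conversely the content check alone would pass beach.jpg.exe if the attacker prepended JPEG bytes, which the name check catches. A mail gateway should run both and quarantine rather than merely rename, since renaming does nothing once the user has the file.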
3. Srizbi
Lavasoft Family: Win32.TrojanDownloader.Exchanger
During its prime, the Srizbi botnet, also known as Cbeplay and Exchanger, was one of the world's largest botnets. It is made up of machines infected by the Srizbi Trojan, which has been distributed through drive-by downloads and socially engineered e-mail lures. Reports put the botnet at no fewer than 450,000 infected machines, capable of sending an estimated 60 billion spam messages a day. [2] Srizbi's output collapsed in November 2008, when the hosting provider McColo, which security researchers had publicly exposed as home to the botnet's command-and-control servers, was cut off from the Internet by its upstream providers.
4. Rustock
Lavasoft Family: Win32.Backdoor.Rustock
Rustock is a family of rootkit-enabled backdoor Trojans whose purpose is to send spam. The Rustock botnet, experts say, can send an estimated 30 billion spam messages per day. [3] Users are infected by clicking links in spam messages disguised as news headlines; the linked page prompts them to install a "codec" supposedly needed to view a video news clip, and the download that follows is the malware that enrolls the machine in the botnet.
5. Storm
Lavasoft Family: Win32.Worm.Zhelatin
The Storm Worm follows the usual pattern: social engineering is used to infect users with the malware (in this case a worm), compromise their PCs, and assemble them into a botnet used for cyber crime. The name "Storm" was coined in January 2007, when the threat was first spotted in e-mail messages claiming to carry news of the deadly storms then hitting Europe (one subject line read "230 dead as storm batters Europe"). Since then it has changed its lures many times to match current events and news stories. Unlike the other botnets listed here, Storm's bots coordinate over a peer-to-peer protocol rather than through fixed command-and-control servers, which makes the botnet both hard to take down and hard to measure; estimates of infected PCs range from 1 million to 50 million computer systems. [4]
------------------------------------------------------------------------
[1] http://www.darkreading.com/security/perimeter/showArticle.jhtml?articleID=211201307
[2] http://en.wikipedia.org/wiki/Srizbi
[3] http://www.theregister.co.uk/2008/11/18/short_mccolo_resurrection/
[4] http://en.wikipedia.org/wiki/Storm_worm_botnet