Top 10 botnets of 2010
Damballa’s “Top 10 Botnet Threat Report – 2010” shows a dramatic increase in Internet crime and targeted botnet attacks. At its peak in 2010, the total number of unique botnet victims grew by 654 percent, with an average incremental growth of eight percent per week. The report reveals that many new botnets were discovered in 2010.
Additional highlights include:
- Of the Top 10 largest botnets in 2010, six did not exist in 2009, and only one (Monkif) was present in the 2009 Top 10.
- The biggest botnet of 2010 (a botnet associated with the TDL Gang) rose dramatically to international attention in the second half of the year, claiming nearly 15 percent of all unique infected victims in 2010.
- The Top 10 largest botnets in 2010 accounted for approximately 47 percent of all botnet-compromised victims, down from 81 percent for the 2009 Top 10. This decrease was not unexpected, as the number of new criminal botnet operators increased, as did the average number of botnets owned and managed by each botnet master.
- Of the tens of millions of infected systems identified in 2010, Damballa ascertained that more than 35 percent of unique infected IP addresses were simultaneously victims of two or more different botnet campaigns.
It is important to note that the substantial growth in botnet infection is a reflection of the following:
- The second half of 2010 saw the rapid evolution of many popular botnet do-it-yourself (DIY) construction kits and the increased availability of feature-rich browser exploit packs.
- Cyber criminals providing specialized malware distribution services became more proficient at installing bot agents on behalf of their customers (i.e. botnet operators).
- The last quarter of 2010 was heavily influenced by the rapid growth of botnets utilizing the TDL master-boot-record (MBR) rootkit technology.
- Damballa developed and deployed multiple new command-and-control detection technologies that increased its ability to detect additional categories of stealthy botnet deployments.