Author | Message |
---|---|
Methodman n00b Posts: 36 | You know about the Storm Trojan, which is spread by the world's largest botnet. But what you may not know is there's now a new peer-to-peer based botnet emerging that could blow Storm away. "We're investigating a new peer-to-peer botnet that may wind up rivaling Storm in size and sophistication," says Tripp Cox, vice president of engineering for startup Damballa, which tracks botnet command and control infrastructures. "We can't say much more about it, but we can tell it's distinct from Storm." It's hard to imagine anything bigger and more complex than Storm, which despite its nefarious intent as a DDOS and spam tool has awed security researchers with its slick design and its ability to reinvent itself when it's at risk of detection or getting busted. Storm changed the botnet game, security experts say, and its successors may be even more powerful and wily. (See Attackers Hide in Fast Flux and Researchers Fear Reprisals From Storm.) Botnets are no longer just annoying, spam-pumping factories -- they're big business for criminals. This shift has even awakened enterprises, which historically have either looked the other way or been in denial about bots infiltrating their organizations. (See Bots Rise in the Enterprise.) "A year ago, the traditional method for bot infections was through malware. But now you're getting compromised servers, with drive-by downloads so prevalent that people are getting infected without realizing it," says Paul Ferguson, network architect for Trend Micro. "No one is immune." Researchers estimate that there are thousands of botnets in operation today, but only a handful stand out by their sheer size and pervasiveness. Although size gives a botnet muscle and breadth, it can also make it too conspicuous, which is why botnets like Storm fluctuate in size and are constantly finding new ways to cover their tracks to avoid detection. 
Researchers have different head counts for different botnets, with Storm by far the largest (for now, anyway). Damballa says its top three botnets are Storm, with 230,000 active members per 24 hour period; Rbot, an IRC-based botnet with 40,000 active members per 24 hour period; and Bobax, an HTTP-based botnet with 24,000 active members per 24 hour period, according to the company.
Here's a look at the world's top three biggest botnets.
* Storm
* Rbot
* Bobax
1. Storm
   Size: 230,000 active members per 24 hour period
   Type: peer-to-peer
   Purpose: Spam, DDOS
   Malware: Trojan.Peacomm (aka Nuwar)
2. Rbot
   Size: 40,000 active members per 24 hour period
   Type: IRC
   Purpose: DDOS, spam, malicious operations
   Malware: Windows worm
3. Bobax
   Size: 24,000 active members per 24 hour period
   Type: HTTP
   Purpose: Spam
   Malware: Mass-mailing worm
More info: http://www.darkreading.com/document.asp?doc_id=138610&page_number=4 |