74% of All New Bots Detected in 2006 Belonged to the Gaobot and Sdbot Families, Reports PandaLabs

According to PandaLabs, in 2006, more new variants of bots were detected than any other type of malware barring Trojans. The vast majority of these variants belonged to just eight families. In fact, over 74 percent of new bot detections were from just two families: Gaobot (37.52%) and Sdbot (36.63%).

Bots are programs that stay resident on computers, listening for commands and giving their creators control over compromised systems. Once they have control over several hundred computers, cyber-crooks can combine them all to create botnets.

"There is a lucrative business in botnets. The bot herder (the creator of the botnet) can rent out the network to the highest bidder. Once they have hired the botnets, cyber-crooks use them for a wide range of criminal activities including downloading malware onto infected computers, distributing spam or phishing messages or causing denial of services. The bot herder can also use the botnet for their own activities, although this is less common", explains Luis Corrons, Technical Director of PandaLabs.

A clear example of this type of business model occurred in June 2006, when Panda Software dismantled a criminal scam using botnets to defraud 'pay-per-click' systems. The cyber-crooks had opened several web pages and subscribed to 'pay-per-click' systems. They then used botnets, comprising more than 50,000 zombie computers infected with Clickbot.A, to access the fraudsters' websites and click on the adverts. So with every click, the crooks were being paid, when in reality there were no actual visits to these websites.

The other families that accounted for more than one percent of the new variants detected in 2006 were: IRCbot (7.60%), Rxbot (4.09%), Oscarbot (3.58%), Spybot (2.75%), Poebot (2.39%) and Mybot (1.04%).

"The new variants are often launched by the same people that launched the original bot. These variants of a particular type of bot are grouped as families. The fact that all the variants in circulation belong to just a few families suggests that there are actually only a few people behind the bots, and who are just producing updated versions of their creations. This in itself is possibly due to the fact that bots are difficult to create, and there are few people able to produce them", explains Luis Corrons.


