Rustock is today the largest and most productive spam botnet in the world, as was reported at the RSA Conference 2011 in San Francisco.
The Rustock botnet, active since around 2006, is estimated at 250,000 infected machines, and its continued growth is credited to the constant evolution of its code.
Joe Stewart, Director of Malware Research at the Dell SecureWorks Counter Threat Unit, said that Rustock holds first place because its developers constantly create and update the source code, which causes many antivirus products to fail to detect the malware.
The interesting point is that most criminals no longer want very large bot networks; instead they keep a smaller number of zombies in order to avoid detection by major ISPs. Rustock has also employed other novel tactics to stay under the radar:
• Samples with active control servers have been observed waiting up to five days before they start spamming
• Rustock control servers run a Tor exit node, likely in an attempt to avoid disconnection by network administrators who might conclude the abuse is originating elsewhere
• Rustock uses HTTP to communicate with the controller, but disguises the requests as online forum posts whose content is encrypted
• In an attempt to frustrate takedowns, the hostnames used for Rustock's HTTP communication do not map directly to the IP address of a Rustock controller; instead, the IP address returned by DNS is passed through a custom algorithm to derive the true address to communicate with
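The last tactic suggests a network-side check that a defender can run without knowing the derivation algorithm: correlate each client's DNS answers with the connections it subsequently makes and flag any connection whose destination address was never returned for the Host name it requests, or never returned by DNS at all. The following is an added example, not code from the original article or from the Rustock analysis it summarizes; the log formats, hostnames, addresses and the 600-second freshness window are constructed assumptions, and the code makes no attempt to reproduce Rustock's own algorithm.

```python
"""Flag outbound connections whose destination does not match what DNS told the client.

A bot that decodes its real controller address from a decoy A record will
connect to an IP that never appeared in any DNS answer the client received.
All sample data below is constructed for illustration.
"""
from collections import defaultdict
import ipaddress

# Constructed DNS answer log: (timestamp, client, queried hostname, answered IPv4).
DNS_LOG = [
    (100, "10.0.0.5", "update.forum-cdn.test", "203.0.113.10"),
    (101, "10.0.0.5", "www.example.test", "198.51.100.7"),
    (102, "10.0.0.6", "www.example.test", "198.51.100.7"),
]

# Constructed connection log: (timestamp, client, destination IP, destination
# port, HTTP Host header or None when no HTTP request was seen).
CONN_LOG = [
    (103, "10.0.0.5", "203.0.113.77", 80, "update.forum-cdn.test"),  # decoy record, real IP differs
    (104, "10.0.0.5", "198.51.100.7", 80, "www.example.test"),       # consistent with DNS
    (105, "10.0.0.6", "198.51.100.7", 443, None),                    # no Host header, IP was resolved
    (106, "10.0.0.6", "192.0.2.9", 80, None),                        # never resolved by this client
    (107, "10.0.0.6", "10.0.0.1", 445, None),                        # internal, out of scope
]

WINDOW = 600  # assumed: seconds a DNS answer stays "fresh" for a client

# Only RFC 1918, loopback and link-local are treated as internal. The
# documentation ranges used in the sample data are deliberately not excluded.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def is_internal(ip):
    """True if ip falls in one of the INTERNAL_NETS ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def build_resolution_index(dns_log):
    """Index answers by (client, hostname) with timestamps, and all IPs per client."""
    by_host = defaultdict(list)
    by_client = defaultdict(set)
    for ts, client, name, ip in dns_log:
        by_host[(client, name.lower())].append((ts, ip))
        by_client[client].add(ip)
    return by_host, by_client


def find_dns_mismatches(dns_log, conn_log, window=WINDOW):
    """Return findings for external connections not explained by the client's DNS answers.

    'host-mismatch': the request names a host, but its fresh answers for this
    client do not include the destination IP (the decoy-record pattern).
    'no-dns': no Host header and the client never resolved the destination.
    """
    by_host, by_client = build_resolution_index(dns_log)
    findings = []
    for ts, client, dst_ip, dst_port, host_hdr in conn_log:
        if is_internal(dst_ip):
            continue
        if host_hdr:
            fresh = {ip for (t, ip) in by_host.get((client, host_hdr.lower()), [])
                     if 0 <= ts - t <= window}
            if dst_ip not in fresh:
                findings.append({"client": client, "dst": dst_ip, "port": dst_port,
                                 "host": host_hdr, "reason": "host-mismatch",
                                 "resolved": sorted(fresh)})
        elif dst_ip not in by_client[client]:
            findings.append({"client": client, "dst": dst_ip, "port": dst_port,
                             "host": None, "reason": "no-dns", "resolved": []})
    return findings


if __name__ == "__main__":
    for f in find_dns_mismatches(DNS_LOG, CONN_LOG):
        print(f"{f['client']} -> {f['dst']}:{f['port']} [{f['reason']}] "
              f"host={f['host']} dns_said={f['resolved']}")
```

On the constructed data this flags the first connection (Host names a forum hostname that resolved to 203.0.113.10, yet the client connected to 203.0.113.77) and the fourth (an external address the client never looked up). Treat the output as a triage signal rather than a verdict: clients that cached an answer before logging began, hosts served by a CDN whose records rotate quickly, and resolvers observed from a different vantage point all produce legitimate mismatches, so the window and the internal-range list need tuning to the network being monitored.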
In second place is the Cutwail botnet with 100,000 bots, followed by Lethic with 75,000, Grum with 65,000, Festi with 60,000 and Maazben with 30,000. The remaining spam botnets have 5,000 to 30,000 bots each and include Asprox, Fuflo, Waledac, Fivetoon / DMSSpammer, Xarvester, Bobax, Gheg and Bagle.
Botnets can even be rented, and they now have new and attractive targets, including smartphones and other mobile devices.
It is clear that even with innovative solutions and the latest security techniques for preventing breaches and criminal communications, botnets will continue to dominate the cyber threat landscape.
[InfoSecIsland]