Botnets: A Look Ahead

While the infamous Storm botnet ran its course, and at least one hoster that was accused of hosting a good number of botnet command and control servers was shut down, don't expect spam or the botnet threat to disappear anytime soon.According to a research note published by managed security services provider SecureWorks -- the Storm botnet's death last summer resulted from a combination of punches it couldn't recover: First, a number of security researchers uncovered ways to break the encryption schemes used by the bot-masters to secure their command and control functions. Yet, because the worm utilized peer-to-peer networking, it wasn't possible to totally eradicate the network this way. However, writes Joe Stewart, director of malware research at SecureWorks, the number of bot infections was hit hard -- at least cut by hundreds of thousands -- by Microsoft's MSRT (Microsoft's Malicious Software Removal Tool). "Storm's numbers continued to fall off over the course of 2008, before it was apparently abandoned in September," wrote Stewart.

While the McColo hosting site takedown last year year caused a reduction in the number of spam messages sent globally by 50% to 75%, the hit was short-lived, as other botnets quickly stepped in to fill the vacuum.

So what does SecureWorks think will be some of the biggest botnets this year? Stewart named several: Cutwail, with 175,000 bots; Rustokc with 130,000; Donbot at 125,000; and ozdoc with 120,000. They round out the largest botnets, based on total number of current infections. However, there are many others out there with less than 100,000 estimated bots: Xarvester, Grum, GHEG, Cimbot, and Waledac.