Botnet Armies Regrouping: 12 Million Hijacked IPs In Q1
SecurityProNews Staff Writer
2009-05-05
The numbers are alarming for their sheer size. In the first quarter of 2009, 12 million new IP addresses were hijacked by botnets, according to one report. In another, security researchers who temporarily took control of one botnet grabbed 56,000 passwords in a single hour.
The November 2008 takedown of McColo Corp., which knocked out 60 percent of all spam at the time, served only as a temporary setback for the massive botnet armies roaming the Web. Though it's taken longer for spammers to recover than estimated, McAfee says spam volumes have already recovered about 70 percent.
Much of that rebirth is thanks to an army of zombie computers built up by cybercriminals who have also taken control of nearly 12 million new IP addresses since January, a 50 percent increase since 2008. Numbers are courtesy of McAfee's Q1 2009 threat report (PDF), released today.
"The massive expansion of these botnets provides cybercriminals with the infrastructure they need to flood the Web with malware," said Jeff Green, senior vice president of McAfee Avert Labs. "Essentially, this is cybercrime enablement."
McAfee found that 800 new variants of the Koobface virus were discovered in March alone, spread with the help of servers also hosting legitimate content. This method has become a popular means among cybercrooks of cloaking their activities. Increased use of URL redirects and Web 2.0 sites also helps in this effort.
Though the US is the host with the most when it comes to botnets with 18 percent of the world's zombie machines, the country always has steep competition from China and Russia. In Russia, cybercrooks are brassy enough to infect the websites of banks and various government agencies. McAfee's report provides a detailed list of these sites, which include:
Rusfinance Bank
OGO Bank
Tusarbank
Link Capital Investment Bank
The Maritime Bank
Vladivostok Alfa Bank
Bank Eurotreid
Bank Voronezh
Bashcreditbank
Enisey's United Bank
Inter-Svayz Bank
Ministry of Taxation, Nazran region
Russian State Internet Network
Regional Finance & Economy Institute
Joint Institute for Nuclear Research
Medical Center of Russian Federation President's Department
Pension Fund of the Russian Federation
Personal Network for the Russian Federation Justice
JSC Chechen Cellular Communication
Of course the primary objective is financial. Researchers from the University of California Santa Barbara managed to take control of the Torpig botnet (PDF) for about ten days before its owners were able to take it back. They did so by registering domains that the botnet was set to contact but that had not yet been registered.
During the time they had control of Torpig, researchers gathered 300,000 unique login credentials, 28 percent of which were for accessing over 368,000 websites. Over the span of one hour, 56,000 passwords were cracked with simple replacement rules, indicating the users' passwords were relatively simple.
The information the researchers gathered was worth as much as $8.3 million (estimated) and included credentials for 8,310 accounts at 410 financial institutions.
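The Torpig password finding suggests a check defenders can run when a password is set: reject any password that reduces to a dictionary word once common character replacements are undone. The following is an added example, not code from the article or the UCSB study; the replacement table, the sample wordlist and the function names are assumptions, since the article does not list the rules the researchers used.

```python
import itertools

# Assumed replacement table (digit/symbol -> letters it commonly stands for).
# The article does not enumerate the "simple replacement rules".
REPLACEMENTS = {"0": "o", "1": "il", "3": "e", "4": "a", "5": "s",
                "7": "t", "@": "a", "$": "s", "!": "i"}

# Constructed sample wordlist; a real deployment would load a large dictionary.
WORDLIST = {"password", "letmein", "dragon", "sunshine", "welcome", "monkey"}


def base_words(password, limit=4096):
    """Yield candidate base words by undoing replacements in the password.

    Two forms are tried: the lowercased password as given, and the same
    string with appended digits or '!' stripped (e.g. 'dragon2009!').
    'limit' caps the candidates per form so long inputs stay cheap to check;
    a match beyond the cap would be missed.
    """
    lowered = password.lower()
    for core in {lowered, lowered.rstrip("0123456789!")}:
        # Each position keeps its own character or one of the letters it may replace.
        options = [ch + REPLACEMENTS.get(ch, "") for ch in core]
        for combo in itertools.islice(itertools.product(*options), limit):
            yield "".join(combo)


def is_guessable(password, wordlist=WORDLIST):
    """True if the password is a wordlist entry under the replacement rules."""
    return any(word in wordlist for word in base_words(password))


if __name__ == "__main__":
    # Constructed sample passwords, not data from the Torpig study.
    for pw in ["P@ssw0rd1", "l3tm31n", "Dragon2009!", "xK9#vTq2mZ"]:
        print(f"{pw!r}: {'reject' if is_guessable(pw) else 'accept'}")
```

A check like this belongs alongside a minimum-length rule and a breached-password lookup, since it only catches words present in the list it is given.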
About the Author:
SecurityProNews is a daily online and email publication focusing on internet security issues.