Botnets to evolve intelligently in 2010


8 Dec 2009

Adapting and evolving to survive has been the gameplay for spammers in 2009 as the shutdown of several large botnet-hosting ISPs over the past 12 months has pushed the upskilling of cyber criminals.

While computers compromised or infected by botnet software account for 83.4pc of the 107 billion spam messages distributed globally per day on average, the closure of hosting ISPs like McColo in late 2008 and Real Host in August 2009 has led to these outfits rethinking their backup strategy, said Symantec’s MessageLabs Intelligence 2009 Security Report.

In fact, Symantec predicted that in 2010 botnets will become autonomously intelligent, with each node or bot having its own built-in coding to co-ordinate with others and get back online if disrupted.

Sharpened skills this year

“2009 was the year that the threat landscape sharpened its skills, rather than just relying on large spam runs and malware attacks. We intercepted more variants with increased sophistication, efficiency as well as improvements in technology,” said Paul Wood, MessageLabs Intelligence senior analyst, Symantec.

“We stopped more than 21 million different types of spam campaigns in 2009, more than twice the amount seen in 2008, and saw a 23pc increase in malware variants year-on-year. The significant increases suggest that, thanks to the increased availability of specialised criminal toolkits, it was easier to create, distribute and use spam and malware than ever before.”

The MessageLabs report details that botnets continue to dominate the cyber security landscape this year, with 10 big ones controlling at least 5 million compromised computers globally.

Cutwail at the fore

In fact, one of the big hitters, Cutwail, made a large impression in terms of both spam and malware in 2009: Cutwail alone was responsible for issuing a staggering 29pc of all spam – that’s 8,500 billion spam messages – between April and November of this year.

A look at the year in cyber security shows that the biggest threat this year was the Conficker/Downadup worm that allowed its controllers to remotely install software on infected machines.

One of the concerns about Conficker is that security experts do not know exactly how infected machines could be further exploited, said Symantec, and the Conficker Working Group has estimated that more than 6 million computers worldwide have been infected at this stage.

Credit crisis milked

The global credit crisis also impacted on cyber security in 2009, with many finance-related attacks aimed at exploiting unsuspecting individuals concerned with their finances.

Symantec noted that the bulk of this “recession spam” was dumped early on in the year in February, when spam containing hyperlinks to a number of popular search engines was circulated.

URL shortening played an important role on social-networking and microblogging sites, as users accustomed to these services unwittingly clicked on familiar-looking but risky spam links.

Other spam tactics in 2009 included taking advantage of public curiosity in the death of pop star Michael Jackson, when links to images of his body and sales of his CDs were sent around.

“Although sophistication and innovation are at the forefront of some of the attacks we see, predictability also plays a large part of the day-to-day threat landscape,” Wood said.

“The security industry as a whole talks about themed attacks, such as those surrounding Valentine’s Day, Christmas and celebrity deaths, however, the frequency and volume of these attacks suggests that the cyber criminals are still achieving the results desired or their tactics would have changed.”

By Marie Boran

Photo: The closure of botnet-hosting ISPs recently has led to these outfits rethinking their backup strategy, said Symantec’s MessageLabs Intelligence 2009 Security Report.