June 01, 2010, 8:00 AM — There are hundreds of botnets, ad hoc networks of Windows PCs that are infected with one or more programs to let them do the bidding of their controllers, some are far more trouble than others. While you can't afford to ignore any botnet threat, here are some of the worst of the worst.
"When it comes to Botnets, size does matter," said Scott Emo, head of endpoint solutions at Check Point, a network and endpoint security company. That's because "the larger the botnet network, the more “robot soldiers” the botnet operator has to do damage."
You shouldn't get too wrapped up though in who's the baddest of the bad. Richard Wang, the manager for anti-virus company SophosLabs US commented that, Sophos "tracks botnet activity based on spam that we see, sites that malware calls back to for updates and instructions, and known malware repositories. However, we do not track individual botnets as such."
Wang continued, "Take for example the Zeus (aka Zbot) botnets. While many report that Zeus is a significant threat, they fail to explain that it is not a single botnet. Instead it is a toolkit allowing individual criminals to set up similar but separate botnets of their own. Concern about the top 5 botnets is like worrying only about crime caused by the FBI's most wanted. While they are undoubtedly serious, the chances are that if you are attacked it will be by some much smaller fry."
It's also hard just to pin down a list of baddies as Timothy Armstrong, anti-virus researcher, for anti-virus firm Kaspersky Lab pointed out, "It is hard to measure which five are currently the worst."
Armstrong continued, "While we have a botnet like Conficker (also known as Kido by Kaspersky) that is very wide spread, it has a lot of potential to do damage but has not done anything significant yet, as compared to other botnets of smaller size. Due to the work of the Conficker working group, this botnet has been all but abandoned. Zeus is currently a very large threat, as the malware is found in a large portion of malicious mail attachments."
He added, "There is not one particular botnet for Zeus. Recent versions are sold for big bucks while older versions may be found for free. Every cyber criminal using it configures it uniquely - thus creating many unique Zeus botnets.
Certainly we must also mention Koobface, which began as a Facebook-specific botnet but has grown to include Twitter, MySpace and other social networks in its attack vectors. Kaspersky estimates that there are around half a million Koobface clients active on any given day, though due to varied networking infrastructures, it is hard to pin down an exact number. Beyond these three results vary greatly.
