February 15, 2011, 2:37 PM — 2010 was a great year for botnets, particularly for the cyber criminals who run them. A report released Tuesday by security firm Damballa finds new botnets cropped up at a record pace in 2010.
Of the top-10-largest botnets being run today, six did not even exist in 2009. Only one, the botnet known as Monkif, was present in the 2009 top-10-largest-botnets list, Damballa officials said.
2010's largest botnet is responsible for 14.8% of all unique infected victims and is associated with the TDL Gang -- a criminal organization made famous for its advances in master-boot-record (MBR) rootkit technology and its commercially available do-it-yourself (DIY) botnet construction kit. Familiar names such as Conficker and Mariposa, as well as Zeus-based botnets, were also in the top-10 list this year. At its peak in 2010, the total number of unique botnet victims grew by 654%, with an average incremental growth of 8% per week.
"Prior to 2010, many people thought in terms of spam and DDoS whenever the term 'botnet' was discussed," said Gunter Ollmann, vice president of research, Damballa. "By the end of the year, botnets such as Mariposa, Aurora, Koobface and Stuxnet had become household names -- revealing the breadth of crime commonly being facilitated with remotely controllable bot agents."
The Top 10 largest botnets in 2010 accounted for approximately 47% of all botnet-compromised victims -- down from 81% for the 2009 Top 10. Ollmann said the decrease was not unexpected as the number of new criminal botnet operators increased, as did the average number of botnets owned and managed by each botnet master. Of the tens of millions of infected systems identified in 2010, Damballa ascertained that more than 35% of unique IP addresses infected were simultaneously victims of two or more different botnet campaigns.