Once contacted, the DNS and mothership servers often redirect the initiating stub client to yet other DNS and mothership servers. In this way the stub client is bounced again and again (often more than a dozen times) to newly exploited computers, until eventually the stub program receives its final instructions and the more permanent malicious program is installed.
All in all, the setup used by today's malware writers makes it very difficult for IT security pros to defend against their wares.
Threat No. 6: Botnets as a service
Botnets aren't just for their creators anymore. Having more than likely bought the malware program that creates the bot, today's owners will either use the botnet themselves or rent it out to others by the hour or by some other metric.
The methodology is familiar. Each version of the malware program attempts to exploit thousands to tens of thousands of computers in an effort to create a single botnet that will operate as one entity at the creator's bidding. Each bot in the botnet eventually connects back to its C&C (command and control) server(s) to get its latest instructions. Botnets have been found with hundreds of thousands of infected computers.
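The periodic call-home to a C&C server described above is also what a defender can hunt for: a host that contacts the same destination at an almost fixed interval stands out from ordinary browsing. The following is an added example, not code from the article, showing one such beaconing check run over a constructed proxy log (the log format, hostnames and addresses are invented for the example; the coefficient-of-variation threshold is a tunable, and real bots often add jitter to blunt exactly this check).

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample proxy log (not from the article): "<ISO timestamp> <source IP> <destination host>".
# 10.0.0.5 calls update.example-cdn.net every ~300 s; 10.0.0.9 browses www.example.com irregularly.
SAMPLE_LOG = """
2024-03-01T10:00:00 10.0.0.5 update.example-cdn.net
2024-03-01T10:00:03 10.0.0.5 www.example.com
2024-03-01T10:05:00 10.0.0.5 update.example-cdn.net
2024-03-01T10:07:41 10.0.0.5 mail.example.com
2024-03-01T10:10:01 10.0.0.5 update.example-cdn.net
2024-03-01T10:15:00 10.0.0.5 update.example-cdn.net
2024-03-01T10:20:00 10.0.0.5 update.example-cdn.net
2024-03-01T10:25:01 10.0.0.5 update.example-cdn.net
2024-03-01T10:01:12 10.0.0.9 www.example.com
2024-03-01T10:09:47 10.0.0.9 www.example.com
2024-03-01T10:33:05 10.0.0.9 www.example.com
2024-03-01T10:41:50 10.0.0.9 www.example.com
2024-03-01T11:20:03 10.0.0.9 www.example.com
2024-03-01T11:21:00 10.0.0.9 www.example.com
"""


def parse_log(text):
    """Group connection timestamps by (source, destination) pair."""
    by_pair = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst = line.split()
        by_pair[(src, dst)].append(datetime.fromisoformat(ts))
    return by_pair


def beacon_score(timestamps, min_events=4):
    """Median gap and coefficient of variation of the gaps between consecutive contacts.

    Returns (median_seconds, cv), or None when there are too few events to judge.
    A low cv means the host reaches the destination at a nearly fixed interval,
    which is what a bot polling its C&C server for instructions looks like.
    """
    if len(timestamps) < min_events:
        return None
    ts = sorted(timestamps)
    gaps = [(later - earlier).total_seconds() for earlier, later in zip(ts, ts[1:])]
    mean = statistics.mean(gaps)
    if mean <= 0:
        return None
    return statistics.median(gaps), statistics.pstdev(gaps) / mean


def find_beacons(text, max_cv=0.1, min_events=4):
    """Return the (src, dst) pairs whose contact pattern looks like C&C beaconing."""
    hits = []
    for (src, dst), stamps in parse_log(text).items():
        score = beacon_score(stamps, min_events)
        if score is None:
            continue
        interval, cv = score
        if cv <= max_cv:
            hits.append({"src": src, "dst": dst, "events": len(stamps),
                         "interval_s": interval, "cv": round(cv, 4)})
    return sorted(hits, key=lambda h: h["cv"])


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(f"{hit['src']} -> {hit['dst']}: {hit['events']} contacts, "
              f"one every ~{hit['interval_s']:.0f}s (cv={hit['cv']})")
```

On the sample data only 10.0.0.5 -> update.example-cdn.net is reported: six contacts with gaps of 299 to 301 seconds, so the cv is close to zero, while the irregular browsing from 10.0.0.9 is far above the threshold and the one-off connections never reach the minimum event count. In practice the same pass is run per day over DNS or proxy logs and the flagged destinations are then checked against threat intelligence and the host's expected software update behaviour.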
But now that there are so many active botnets (tens of millions of infected computers are online on any given day), botnet rentals are fairly cheap, meaning all the more problems for IT security pros.
Malware fighters will often attempt to take down the C&C servers, or seize control of them, so that they can instruct the bots that connect in to disinfect their host computers and shut themselves down.
Threat No. 7: All-in-one malware
Today's sophisticated malware programs often offer all-in-one, soup-to-nuts functionality. They will not only infect the end user but also break into websites and modify them to help infect more victims. These all-in-one malware programs often come with management consoles so that their owners and creators can keep track of what the botnet is doing, whom it is infecting, and which infections are proving most successful.