Thought that 2009 was the year that botnets died? Well, think again, Batman: it was actually the year they bounced back. Compromised computers were responsible for distributing 83.4% of the 107 billion spam messages sent around the world, every single day, during 2009, according to a new Symantec report.
Indeed, the Symantec MessageLabs Intelligence 2009 report suggests that the shutdown of botnet-hosting ISPs such as McColo towards the end of 2008 and Real Host in August this year didn't destroy the botnet threat. Rather, it simply made those behind the botnets re-evaluate and enhance their command and control backup strategies so as to be able to recover from damage in hours rather than weeks.
Symantec predicts that, during the course of 2010, botnets will become autonomous and intelligent, with each node containing inbuilt, self-sufficient coding in order to coordinate and extend its own survival.
Cutwail, Mega-D, Rustock and a handful of other botnets already have control of upwards of five million compromised computers. Cutwail alone was responsible for issuing 29% of all spam, that's 8,500 billion individual spam messages, between April and November 2009.
Cutwail also distributed the Bredolab Trojan dropper, disguised in the form of a .ZIP file attachment and designed to give the sender complete control of the target computer, which could then be used to deploy other botnet malware, adware or spyware onto the victim’s computer. It is estimated that during the month of October, some 3.6 billion Bredolab malware emails were in circulation.
"2009 was the year that the threat landscape sharpened its skills, rather than just relying on large spam runs and malware attacks. We intercepted more variants with increased sophistication, efficiency as well as improvements in technology," said Paul Wood, MessageLabs Intelligence Senior Analyst, Symantec. "We stopped more than 21 million different types of spam campaigns in 2009, more than twice the amount seen in 2008, and saw a 23 percent increase in malware variants year-on-year. The significant increases suggest that, thanks to the increased availability of specialized criminal toolkits, it was easier to create, distribute and use spam and malware than ever before."