Christmas: the enemy of botnets
Apparently, Christmas helps to thwart botnet operators. According to observations made by several watchdog groups, the size of global botnets has abruptly decreased. Botnets are networks of thousands, to hundreds of thousands, of infected PCs, which are mostly running on Windows and are remotely controlled, often without the knowledge of their owners. Criminals use botnets to distribute spam mails and malware or to launch large attacks (DDoS) on other web servers or networks.
The ShadowServer Foundation, a consortium of several security specialists who watch botnets, malware and phishing activities, reported a drop in the count of zombie PCs from Saturday to Sunday of the past week from about 500,000 to just under 400,000. The Internet Storm Center DShield, also recorded lower levels of activity; however, their counts only show a drop of about ten percent. These numbers can be explained by the exchange of old infected PCs against new PCs received as Christmas presents on Christmas Eve, which removes a large number of zombie PCs all at once from the Net. Although the new Windows PCs are not necessarily 100% up-to-date and must be updated accordingly, the firewall of Windows XP SP2 should provide a minimum of protection when connecting to the Internet for the first time, allowing users to update their systems.
However, it is highly probable that during the next few months a large number of these new PCs will be infected again with bots - probably when users have configured their e-mail clients and the first malware floods reach their inboxes.