Malware toolkits fuel the botnet epidemic
In a current report, anti-botnet specialists at Damballa write that the number of bot-infected PCs worldwide increased sevenfold within a year, although no absolute figures are mentioned. The researchers consider that the expansive growth in 2010 was caused by the increasing availability of "exploit packs" and trojan toolkits. Such tools enable criminals without programming skills to assemble their attack weapons and malware with a few simple mouse clicks. Toolkit prices range between $100 and $1,000.
Among the most popular toolkits in terms of deployment is the Alureon bot, aka TDL, which has rootkit capabilities. To infect a system, Alureon can even bypass the extra security measures available in the 64-bit versions of Windows 7 and Vista.
An Alureon-based botnet operated by a cyber gang called RudeWarlockMob was responsible for almost 15% of the total number of infections registered by Damballa. Microsoft had made similar observations in the first half of 2010 and, for example, held Alureon responsible for a third of all infections in Germany.
Second place in Damballa's statistics is occupied by the RogueAVBotnet botnet, which is apparently used to deploy scareware. In third place is the ZeuS online banking trojan, followed by Monkif and Koobface. In mid-2010, a ZeuS botnet operated by a cyber gang called FourLakeRiders reportedly created 1.2 million zombie PCs. Overall, the 10 largest botnets were responsible for almost half of all registered infections.