Botnet Business Booming

Published: 22/11/2024   Category: security




Some dismantled botnets rank in the top ten most prevalent as old bot malware gets repurposed, according to new Fortinet report



If there's one thing we've learned about botnets, it's that old botnets die hard -- if at all. And one-third of the top 10 botnets identified by Fortinet are nearly 10 years old, underscoring the difficulty of truly eradicating these easily built armies of infected machines.
Botnet takedowns over the past few years have temporarily suspended and crippled big chunks of pesky botnets, including Mariposa and Waledac, but that doesn't mean the malware, operators, or even segments of their infrastructures get completely eradicated.
The 10 most prevalent botnet infections found by Fortinet's FortiGuard Labs in February were (in order) ZeroAccess, Jeefo, Smoke, Mariposa, Grum/Tedroo, Lethic, Torpig, SpyEye, Waledac, and Zeus. And, yes, although Mariposa and Waledac had been dismantled, at least in part over the past few years, new variants of their malware live on.
"Once the Pandora's box has been opened and that software gets out there, you're unable to make it go away forever. A piece of botnet software might become obsolete or have different people behind it, or they go to prison, or stop developing it," says Richard Henderson, security strategist for Fortinet's FortiGuard Labs, which published a new botnet report last week. "For the people behind the botnets, it's a full-time job. They're always working on ways to generate new infections."
Henderson says the botnet business is as lucrative as ever, and plenty of botnet activity goes unseen. The ZeroAccess botnet is growing at a rate of 100,000 to 200,000 new infections per week, for example, he says, and its main goal is mining for Bitcoins.
"The guys behind it are so confident in getting new infections that they are paying affiliates five times the going rate to infect machines for them," he says. The typical pay is about $100 per 1,000 machines, but the ZeroAccess gang pays out $500 for the same number of bots -- just for infecting the machines.
There are consulting services that help nontechnical botmasters get started for about $350 to $400, and professional botnet services charge thousands of dollars per month for bots and technical support.
Botnet rentals are also available: $535 for five hours per day of DDoS attacks per week, $40 for 20,000 spam emails, and $2 for 30 online forum and comment spam posts, according to Fortinet's report.
A single stolen user account sells for $5 to $15, and those accounts are typically sold in volume bundles.
How can you tell if a machine is a bot? Fortinet says some symptoms include:
>> System is running slower than usual
>> Hard drive LED is flashing wildly even though it is in idle mode
>> Files and folders have suddenly disappeared or have been changed
>> A friend or colleague has informed the user that they have received a spam email from their email account
>> A firewall on the computer informs the user that a program on the PC is trying to connect to the Internet
>> A launch icon from a program downloaded from the Internet suddenly disappears
>> More error messages than usual are popping up
>> Online bank is suddenly asking for personal information it has not required before
The full botnet report from Fortinet is available here.
