Security Strategy

Cyber criminals building more but smaller botnets

And with viruses it's quantity, not quality, says F-Secure

Tags: f-secure, malware, botnet

By Gemma Simpson

Published: 28 September 2007 15:15 BST

Cyber criminals are downsizing their botnets to try and trick software security companies.

Computers infected with a virus unknowingly become 'zombies' in a botnet - a network used to send out spam and to mount further attacks on other machines. The zombie army can be controlled remotely, and botnet creators usually try to build the largest possible botnet of compromised computers to rent out to gangs for as little as $100 for a couple of hours.

But researchers at antivirus company F-Secure have reported seeing these large networks being broken down into smaller groups of compromised computers because the creation of large botnets is not creating as much revenue for such cyber criminals.

Mika Stahlberg, programme manager of the security response team at F-Secure, said the company is still seeing very big botnets around the world but coders are no longer trying to build as big a botnet as they can because that does not make any more money than a collection of smaller botnets.

The botnet bandits are also erring on the side of caution by steering away from larger botnets because if the central server controlling such a network goes down then the whole of the botnet is lost, according to F-Secure.

Stahlberg added: "These people don't want to put all their eggs in one basket and are therefore running smaller botnets."

The malware writers are also getting lazy, according to F-Secure, and are no longer attempting to catch out companies by using increasingly complex viruses.

Sean Sullivan, technical expert at F-Secure, said virus writers can no longer beat security companies with complex codes and are therefore trying to do it through creating "malware factories" which swamp the security companies.

Sullivan added: "It used to be a big event when a virus came along but now we get 10,000 [malware samples] a day, most of which are variations on the same code."

F-Secure employs a 16-strong response team in its Finnish headquarters to monitor and detect malware activity using tools such as a mobile phone bunker to test viruses and a Google Earth mash-up.
