Sdbot and Gaobot make up most botnets

The Sdbot and Gaobot families are responsible for most botnets worldwide. These two families were responsible for 80% of detections related to bots during the first quarter of 2007.

Other culprits, although on a much smaller scale, included Oscarbot, IRCbot and RXbot.

“This dominance is not so much due to any special features of Gaobot or Sdbot, but simply because their code is much more widely available on the Internet. This means that any criminals that want to make a bot can simply base it on the source code of these threats, making any modifications they choose. Essentially, this saves them a lot of work,” explains Luis Corrons, technical director of PandaLabs.

Bots are automated worms or Trojans that install themselves on computers to carry out certain actions automatically, such as sending spam, turning the compromised computers into ‘zombies’. Botnets (networks made up of computers infected with bots) have become a lucrative business model. There is an underground market for renting bots to send spam or install spyware or adware, for example.

In 2006, bots accounted for 13% of all new threats detected by PandaLabs. Of those, 74% belonged to the Sdbot and Gaobot families.

As bots spread, the way they are controlled is changing. Until now, most of them were controlled through IRC servers, which lets attackers send orders while hiding behind the anonymity of these chat servers. Now, however, there are bots that can be controlled through Web consoles using HTTP.

“Control through IRC is useful for controlling isolated computers. However, this system is not so useful when it comes to botnets. By using HTTP, bot herders can control many more computers at the same time, and can even see when one of them is online or if the commands have been executed correctly”, explains Luis Corrons.

Bots often reach computers in emails that use social engineering or exploit system vulnerabilities. The aim is for them to be installed silently and to operate for long periods of time without users or security companies realizing.

“To prevent the threat of bots it is vital to use security solutions with proactive technologies so they can detect threats without having previously identified them”, concludes Luis Corrons.

To counter the threat of bots, Panda Software offers TruPrevent proactive detection technologies. Similarly, it offers users the new NanoScan beta, which detects active malware on computers, including malicious code that could have slipped past the security solution installed.

Companies are advised to carry out periodic audits to check that there is no malware hidden on their networks. Panda Software offers Malware Radar, the first exhaustive and automated security audit service.