In the competition among hackers, the Sdbot and Gaobot bots lead in the number of zombie PCs under their control. According to the antivirus company PandaLabs, these two bots were responsible for 80% of all new infections in the first quarter of 2007. Oscarbot, IRCbot and RXbot followed far behind.
“The reasons for this predominance lie not so much in some special properties of Gaobot or Sdbot, but simply because their code is most common on the Internet,” explains Luis Corrons, technical director of PandaLabs. “This means that any criminal who wants to create a bot can simply take the source code of these threats and make any changes of their choice. Indeed, due to this, their time and effort are significantly saved.”
Bots are worms or trojans that are installed on computers to automatically perform certain actions, such as sending spam, turning those computers into zombies. Botnets, networks of computers infected with bots, have already become a profitable business model. There is an underground market for renting bots, for example for sending spam or installing spyware and adware.
In 2006, bots made up 13% of the total number of new threats detected by PandaLabs, and 74% of them belonged to the Sdbot and Gaobot families.
As the number of bots grows, the ways of controlling them are changing. Until now, criminals have controlled bots through IRC servers. Through them, attackers can send commands while hiding behind the anonymity of such chat servers. Today, however, there are bots that can be controlled via web consoles using HTTP.
“Control via IRC is convenient to use to control isolated computers. However, such a system is no longer very effective for botnets. Through the use of HTTP, botmasters can simultaneously manage a large number of computers; they can even track which one is online, and whether commands are executed correctly,” says Luis Corrons.
Bots most often reach computers through email or system vulnerabilities. Their main goal is to install silently and keep operating for a long time without revealing their presence.
via PandaLabs