Trends in botnets: smaller, smarter

Some recent statistics on e-mail traffic provide more evidence of the trend toward smarter, more targeted online attacks.

'We have observed that spam levels for the last few months have been fairly stable,' said Paul Wood, chief information security analyst for MessageLabs Ltd. of London.

But the botnets'networks of compromised computers taken over by spammers and hackers'are getting smaller. Rather than hundreds of thousands of zombie computers spitting out unwanted e-mail and malicious code, they now consist of tens of thousands.

'They stay under the radar for longer,' said MessageLabs chief technology officer Mark Sunner. 'The return is still equal, if not greater, because the attacks are more targeted.'

Sunner said he expects continued refinement in attacks to be the distinguishing trend this year for spammers, hackers and purveyors of malicious code.

MessageLabs provides e-mail filtering and security services for 13,000 customers around the world, processing about 160 million e-mails a day. Its latest monthly report of security trends showed little change in levels of spam and viruses found in e-mail traffic in March. Spam accounted for about 58 percent of e-mail filtered, and one e-mail in 59 contained malicious code.

The change in botnets in part reflects internecine warfare among spammers in the past year in which competing worms sought to attack networks of already-compromised computers, turning control over to a new spam master.

'There was a lot of that going on,' Wood said. 'They have adapted the botnets to be more agile.'

Smaller nets also are more likely to escape the notice of security professionals who block malicious or suspicious traffic. This extends the life of the net as a launching pad for spam, although not indefinitely.

'The value of the botnets will diminish over time,' Wood said. 'When they do start to age, you can use them for different purposes,' such as distributing adware and spyware or launching denial-of-service attacks.

Sunner said e-mail-based phishing attacks, which attempt to lure victims into giving away personal data, are becoming more targeted.

'They contain more relevant information, and I'm more likely to fall for it,' he said. This requires more work on the part of the phisher, but returns are likely to be greater.

Sunner said that protecting against better-targeted attacks requires a more sophisticated defense than can be mounted on the desktop or in the LAN. That type of protection is not surprisingly offered by MessageLabs, which processes traffic with larger engines in the Internet cloud.

Sunner said he expects in the coming year to see a significant increase in the threat from targeted Trojans, one-off malicious code that is targeted at a specific enterprise and difficult to block.

Instant messaging has not suffered from the volume of security exploits that e-mail and HTML has because the IM environment is more fragmented. But Sunner said he expects that to change as major IM providers merge and make their services interoperable.

About the Author

William Jackson is a Maryland-based freelance writer.


  • automated processes (Nikolay Klimenko/

    How the Army’s DORA bot cuts manual work for contracting professionals

    Thanks to robotic process automation, the time it takes Army contracting professionals to determine whether prospective vendors should receive a contract has been cut from an hour to just five minutes.

  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

Stay Connected