Posted by Eric Torres on Mon, Sep 19, 2011 @ 10:06 AM
The purpose of this vast computer force is still not clear following August email malware surge
An enormous army of infected computers is being assembled, but it is not yet clear what purpose they will be put to.
Wave after wave of malicious email attachments has been sent out since August, and with average success rates for such mailings, millions of machines could be compromised, says internet security firm Commtouch.
Once infected, the computers can be loaded with additional malware that can perform a range of activities, including spamming, participating in DDoS attacks, stealing bank credentials and compromising email and social-network accounts.
But what this botnet will do remains a mystery. The purpose of this vast computing force is still not clear.
Since a record peak of 25 billion malicious email attachments sent on a single day in mid-August, email-attached malware has peaked five more times, each spike smaller than the one before.

Each peak represents a surge in a particular scam used to dupe victims into opening the attack attachments. The first wave consisted mainly of phony notices from UPS or FedEx that a package has been misrouted. The second, called the Map of Love, is a PDF that purports to be a map of interesting destinations worldwide. The third is a false notice of an altered charge for a hotel room, the blog post says.
User forums indicate that the malware campaigns worked, with many users opening the attachments. While it doesn't have estimates of the number of machines compromised, Commtouch says that such campaigns have linear success, so the more attachments sent, the more opened.
If the purpose of the assembled botnet is to send spam, it hasn't had an impact on overall spam traffic, which has actually been trending a bit downward. However, if the purpose is for something much worse than to simply send spam, we’ll have to just wait and see.
Posted by Eric Torres on Tue, Oct 19, 2010 @ 03:36 PM
More than 2 million PCs in the U.S., or just over 5 out of every 1,000, were recruited into botnets during the second quarter of 2010, according to a Microsoft report released last week. Botnets are networks of unsuspecting computers, dubbed zombies, that have been infected by malicious software, or bots. Cyber-criminals control and use those computers through the bots to launch spam, viruses, and phishing attacks against other PCs over the Internet.
Microsoft issued its latest Security Intelligence Report, indicating that botnets pose the biggest problem for security teams attempting to defend websites, networks and end user devices from malware infections.
Volume 9 of the Microsoft Security Intelligence Report lays out evidence that while there has been some success in breaking up major botnets, more action is needed if security teams ever expect to see a major decline in botnet malware infections. Microsoft said it cleaned more than 6.5 million computers of botnet infections in the first half of 2010, double the amount for the same period a year before.

The U.S. had the most botnet infections, with 2.2 million in the first half of 2010, ahead of second place Brazil with 550,000 botnet infections, according to the report. Meanwhile, Spain held the top spot in Europe with 382,000 botnet infections, followed by France, the U.K. and Germany.
Nearly every piece of malware Microsoft identified in the first half of 2010 could be traced back to a major botnet. Worms increased in prevalence the most over the past four quarters, tying Trojans in prevalence in the second quarter of 2010. In addition, some malware contains hundreds and sometimes thousands of different variants, designed to slip past traditional security technologies and remain virtually undetectable on systems.
To better protect PCs from malware, Microsoft and River Run advise individuals and businesses to make sure to update their PCs with the latest patches, download the latest antivirus definitions, and use strong and secure passwords. Just last week, Microsoft launched a record number of patches to fix 49 different security holes, including one used by the Stuxnet worm.