The latest half-year figures compiled using Microsoft’s Malicious Software Removal Tool (MSRT) are in and botnets have, not surprisingly, risen to the top of the threat table.
Of the four million PCs the tool cleaned during the first half of 2006, half had botnet-related software on them, mostly Win32/Rbot, Win32/Sdbot, and a rather interesting one called Win32/Hupigon. The latter nasty is one of the growing number of bot Trojans built using cheap but effective DIY kits.
There are some clues in the report as to why bots pose such a threat. The main reason is that where large numbers of variants are circulating for a particular Trojan family (the three mentioned in the last paragraph account for a staggering 41,164 between them), bots allow infected PCs to be easily updated with a new piece of malware. This will probably be detected by security software, but it might not be, because in some respects at least it is new. There is no guarantee.
We’ve grown used to the idea that Microsoft will become a major provider of security products, but it has also stealthily climbed up the security intelligence league. This is to be welcomed if it gives us intelligence to this degree of detail.
The overwhelming majority of those bot-infected computers will be consumer PCs, a domain sysadmins are not supposed to worry about. But they are sending huge amounts of spam and malware-related emails to corporate PCs as you read this, a fact that is one reason why most security budgets are slowly going up and not down.
Still think botnets are somebody else’s problem?