Skip Links

America's 10 most wanted botnets

Ranked by size and strength, these are the 10 most damaging botnets in the U.S.

By , Network World
July 22, 2009 10:46 AM ET

Network World - Botnet attacks are increasing, as cybercrime gangs use compromised computers to send spam, steal personal data, perpetrate click fraud and clobber Web sites in denial-of-service attacks. Here's a list of America's 10 most wanted botnets, based on an estimate by security firm Damballa of botnet size and activity in the United States.

Slideshow: 11 security companies to watch

No. 1: Zeus

Compromised U.S. computers: 3.6 million

Main crime use: The Zeus Trojan uses key-logging techniques to steal sensitive data such as user names, passwords, account numbers and credit card numbers. It injects fake HTML forms into online banking login pages to steal user data.

No. 2: Koobface

Compromised U.S. computers: 2.9 million

Main crime use: This malware spreads via social networking sites MySpace and Facebook with faked messages or comments from "friends." When a user is enticed into clicking on a provided link to view a video, the user is prompted to obtain a necessary update, like a codec -- but it's really malware that can take control over the computer.

No. 3: TidServ

Compromised U.S. computers: 1.5 million

Main crime use: This downloader Trojan spreads through spam e-mail, arriving as an attachment. It uses rootkit techniques to run inside common Windows services (sometimes bundled with fake antivirus software) or in Windows safe mode, and it can hide most of its files and registry entries.

No. 4: Trojan.Fakeavalert

Compromised U.S. computers: 1.4 million

Main crime use: Formerly used for spamming, this botnet has shifted to downloading other malware, with its main focus on fake alerts and rogue antivirus software.

No. 5: TR/Dldr.Agent.JKH

Compromised U.S. computers: 1.2 million

Main crime use: This remote Trojan posts encrypted data back to its command-and-control domains and periodically receives instruction. Often loaded by other malware, TR/Dldr.Agent.JKH currently is used as a clickbot, generating ad revenue for the botmaster through constant ad-specific activity.

No. 6: Monkif

Compromised U.S. computers: 520,000

Main crime use: This crimeware's current focus is downloading an adware BHO (browser helper object) onto a compromised system.

No. 7: Hamweq

Compromised U.S. computers: 480,000

Main crime use: Also known as IRCBrute, or an autorun worm, this backdoor worm makes copies of itself on the system and any removable drive it finds -- and anytime the removable drives are accessed, it executes automatically. An effective spreading mechanism, Hamweq creates registry entries to enable its automatic execution at every startup and injects itself into Explorer.exe. The botmaster using it can execute commands on and receive information from the compromised system.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News