Gigantic. Watchdog organization Shadowserver Foundation monitors the number of detected command-and-control servers -- which indicates how many individual botnets are out there -- and the number of clients these servers control.

From November 2006 through May 2007, Shadowserver reported roughly 1,400 command-and-control servers active at any given time, though the number varied hourly and ranged from 1,100 to more than 1,700.

If that sounds like small potatoes, consider that the real problem for enterprises isn't the number of networks but the skyrocketing number of drones they control. From March through May, active drones grew at an alarming rate from about a half million to more than 3 million, the organization says.

Shadowserver doesn't claim this is a count of all the bots and botnets out there, just the ones it detected in active use. No one knows how many machines lie dormant. Some researchers even have made the controversial claim that as many as 11% of the 1.1 billion computers worldwide with Internet access are infected and part of the available bot pool.

Symantec says it found 6 million infected bots in the second half of 2006. Currently, about 3.5 million bots are used to send spam daily, says Gadi Evron, a well-known botnet hunter.

The point is that the scale now is so vast that trying to count bots has become irrelevant, "The number doesn't matter," Evron says. "The bad guys control as many bots as they need to."

In fact, the Department of Justice and FBI have identified more than 1 million victims of botnet crimes.

< Return to main