Published: 08/07/2021

List of Botnets

The most prevalent botnets of recent years

Botnets are a major issue for the good guys, as botnet operators can profit from renting botnet time in much the same way that legitimate cloud service providers do. This results in botnets being used for DDoS attacks and other malicious activities, such as fake account creation.

The most dangerous botnets of recent years include:

  • BredoLab – a botnet that was shut down in 2014; it was suspected of having been used for DDoS attacks aimed at corporate sites and US-based banks.
  • Mariposa – the original Mariposa botnet was shut down in 2007 and was used to control hundreds of thousands of infected computers around the world.
  • ZeroAccess – a botnet that made more than $500,000 per month by itself and is also believed to be behind a large percentage of all spam emails sent worldwide.
  • Conficker – a botnet that caused a great deal of concern due to its use of rootkit technology, which made it extremely difficult for antivirus software to detect. It is believed to have infected more than 9 million computers in the first few weeks after it started spreading.
  • Necurs – a botnet based on a peer-to-peer network, where each infected machine acts as both a client and a server. It is capable of processing thousands of spam emails per hour as well as performing DDoS attacks.
  • TDL4 – a botnet built on the Tor network to disguise itself from detection while its creators made money renting it out. It is estimated to have infected as many as 4.5m computers around the world.
  • Ramnit – a botnet designed to steal banking credentials and credit card information from infected machines. It is estimated that it has been responsible for the theft of more than $1bn in financial data since 2011.
  • Coreflood – a botnet that is built on the peer-to-peer model, where infected computers can connect to each other by using a number of communication protocols such as IRC or HTTP.
  • Mirai – a botnet considered to be one of the most dangerous ever created. It includes code that allows it to scan for other devices on a network and then use those devices to attack websites and web servers in DDoS attacks.
  • Cutwail – a botnet that is capable of sending more than 1.5bn spam emails per day, making it the most prolific malware ever created.

In addition to these botnets, there are over one million zombie computers that participate in other, more general-purpose botnets used for DDoS attacks or spamming, such as IRC-based botnets or those run through proxies such as Tor – the infamous dark web network where users can anonymously buy and sell drugs, weapons or stolen goods and services.

Table of botnets

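| Botnet Name | Year | Approx. no. of bots |
|---|---|---|
| EarthLink Spammer | 2000 | 1,250,000 |
| Coreflood | 2001 | 2,300,000 |
| Bagle | 2004 | 230,000 |
| Rustock | 2006 | 150,000 |
| Cutwail | 2007 | 1,500,000 |
| Akbot | 2007 | 1,300,000 |
| Srizbi | 2007 | 450,000 |
| Bayrob | 2007 | 400,000 |
| Storm | 2007 | 250,000 |
| Mariposa | 2008 | 12,000,000 |
| Conficker | 2008 | 10,500,000 |
| Sality | 2008 | 1,000,000 |
| Kraken | 2008 | 495,000 |
| Waledac | 2008 | 80,000 |
| Asprox | 2008 | 15,000 |
| BredoLab | 2009 | 30,000,000 |
| ZeroAccess | 2009 | 9,000,000 |
| Bamital | 2009 | 1,800,000 |
| Grum | 2009 | 560,000 |
| Festi | 2009 | 250,000 |
| TDL4 | 2010 | 4,500,000 |
| Kelihos | 2010 | 300,000 |
| LowSec | 2010 | 11,000 |
| Gameover Zeus | 2010 | unknown |
| Ramnit | 2011 | 3,000,000 |
| Andromeda (Gamarue) | 2011 | unknown |
| Dridex | 2011 | unknown |
| Carna | 2012 | 420,000 |
| Chameleon | 2012 | 120,000 |
| 3ve | 2013 | 1,500,000 |
| Necurs | 2014 | 6,000,000 |
| Semalt | 2014 | 300,000 |
| Emotet | 2014 | unknown |
| Bashlite | 2014 | unknown |
| Mirai | 2016 | 500,000 |
| TrickBot | 2016 | 200,000 |
| Methbot | 2016 | 100,000 |
| Retadup | 2017 | 850,000 |
| Smominru (Hexmen, MyKings) | 2017 | 525,000 |
| Hajime | 2017 | 300,000 |
| WireX | 2017 | 120,000 |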

The most dangerous botnet to date

While many of the botnets listed above have caused a great deal of damage to computer users around the world, including Conficker, which infected more than 9 million computers in its first few weeks alone after release, there is no doubt that the Emotet botnet has been by far the most dangerous of recent years.

The Emotet creators were able to infect thousands of computers monthly by spamming users with fake invoices or shipping notices encouraging them to open an attachment in order to read details about an apparent shipment.

However, when these files were opened, they infected the user’s computer with malware that then spread across the network looking for other vulnerable devices to infect. This caused huge problems: not only did many businesses find themselves unable to access shared documents or emails, but they were also unable to use their printers – creating a huge nuisance factor on top of any financial losses incurred by companies that used the infected machines.

Emotet has also been used for DDoS attacks against businesses with high-bandwidth connections, where the attacker tries to overwhelm the target’s server by flooding it with more messages or data than it can handle. This causes a denial of service and either crashes the server or slows down its performance so much that users are unable to access the website.

This is one reason why companies that rely on their servers for running eCommerce sites, streaming video content or providing cloud storage have suffered at the hands of hackers using Emotet to disrupt their business – because they generate so much traffic on a daily basis, it can be difficult to protect them from DDoS attacks even when they implement filtering systems such as BGP monitors and rate-limiting.

Emotet has been built on a modular system, meaning that attackers can constantly update the malware using different features and attacks. It is also capable of avoiding detection by many systems administrators because it deletes itself after completing its task and then moves itself to a new location so that it isn’t detected in scans for malware.

Finally, because it is capable of using social engineering techniques to persuade users to open malicious attachments or links in email campaigns, Emotet has remained a major player in the cyber-criminal world for many years – making it one of the most dangerous botnets ever created.
