The Most Prevalent Botnets of Recent Years
Botnets are a persistent problem for defenders because their operators rent out capacity much as a legitimate cloud provider does: a customer pays for a slice of the compromised machines for a period of time and uses it for DDoS attacks, spam campaigns, credential theft or malware distribution. The infrastructure is the same; only the customer and the payload change.
The most dangerous botnets of recent years include:
- BredoLab – a pay-per-install botnet used to push spam and other criminal groups' malware onto infected machines. It was taken down in October 2010 by the Dutch High Tech Crime Unit.
- Mariposa – first seen in 2008 and shut down in December 2009 by the Spanish Guardia Civil working with Defence Intelligence and Panda Security. It spread through MSN links, P2P file sharing and USB drives, stole banking credentials, and at its peak controlled machines at roughly 12 million IP addresses.
- ZeroAccess – a peer-to-peer botnet, so there was no single C2 server to seize, whose bots were monetised through click fraud and Bitcoin mining and earned their operators millions of dollars a year. Microsoft and partners disrupted it in December 2013.
- Conficker – appeared in November 2008 exploiting MS08-067, a flaw in the Windows Server service, and then spread further over network shares with weak passwords and via USB autorun. It disabled Windows Update and security services, and from variant C onward used a domain generation algorithm that produced up to 50,000 candidate C2 domains a day, which made blocklisting its rendezvous points impractical. Estimates put infections above 9 million by January 2009.
- Necurs – one of the largest spam botnets of the 2010s, with a hybrid command-and-control design: fixed C2 servers, a peer-to-peer layer and a DGA as fallback, so blocking one channel did not cut the bots off. It pushed Dridex, Locky and other malware in campaigns of millions of messages a day and was disrupted by Microsoft and partners in March 2020.
- TDL4 – the fourth generation of the TDSS/Alureon family: a bootkit that infected the Master Boot Record so that it loaded before Windows, and therefore below most antivirus products. It used the Kad P2P network as a backup command channel and was estimated at around 4.5 million infections in 2011.
- Ramnit – started in 2010 as a file-infecting worm and evolved into a banking trojan that stole credentials and card data through web injects. A Europol-coordinated takedown in February 2015 found about 3.2 million infected systems.
- Coreflood – a keylogging trojan active since around 2001 that harvested banking credentials from infected machines and reported to centralised command-and-control servers. In April 2011 the US Department of Justice and the FBI seized those servers and, under a court order, sent stop commands to the bots, the first US takedown to do so.
- Mirai – Linux malware for IoT devices such as routers, IP cameras and DVRs. Each bot scans random addresses for telnet on ports 23 and 2323 and tries a short hardcoded list of factory-default username and password pairs; successful logins are reported to a loader that infects the new device. In 2016 it produced record-sized DDoS attacks against KrebsOnSecurity, the hosting provider OVH and the DNS provider Dyn, and its source code was published in September 2016, spawning many variants.
- Cutwail – a spam botnet installed by the Pushdo loader that at its 2009 peak was estimated to send tens of billions of spam messages a day, making it one of the most prolific spam sources of its era.
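Conficker and Necurs both relied on a domain generation algorithm, and that leaves a characteristic trace in DNS logs: an infected host resolves a burst of random-looking names, almost all of which return NXDOMAIN because the operator only registers a handful of each day's candidates. The script below is an added example, not code from this article or from any vendor; it scores each client in a constructed resolver query log (the four-column "timestamp client qname rcode" layout is an assumption, not any product's format) on its NXDOMAIN count and the Shannon entropy of the failed names' second-level labels.

```python
"""Flag hosts whose DNS failures look like a DGA hunting for its C2.

Added example, not code from the original article. The log lines are
constructed; the line layout (timestamp client qname rcode) is an
assumption about a resolver's query log, not any particular product.
"""
import math
import re
from collections import Counter, defaultdict

# Constructed sample log: 10.0.0.9 is the infected host, 10.0.0.5 made one typo.
SAMPLE_LOG = """\
2024-01-01T10:00:01 10.0.0.5 www.example.com NOERROR
2024-01-01T10:00:02 10.0.0.5 mail.example.com NOERROR
2024-01-01T10:00:03 10.0.0.5 exmaple.com NXDOMAIN
2024-01-01T10:00:04 10.0.0.9 windowsupdate.microsoft.com NOERROR
2024-01-01T10:00:05 10.0.0.9 qxrvzkmfhd.org NXDOMAIN
2024-01-01T10:00:05 10.0.0.9 wbtnjplsgy.net NXDOMAIN
2024-01-01T10:00:06 10.0.0.9 zmckvhqrtd.info NXDOMAIN
2024-01-01T10:00:06 10.0.0.9 fjxplwnbsv.org NXDOMAIN
2024-01-01T10:00:07 10.0.0.9 hgdkqzrtmc.biz NXDOMAIN
2024-01-01T10:00:07 10.0.0.9 pwbxjtlnvg.com NXDOMAIN
2024-01-01T10:00:08 10.0.0.9 rkzmsfhqdc.net NXDOMAIN
2024-01-01T10:00:09 10.0.0.12 cdn.example.net NOERROR
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(NOERROR|NXDOMAIN|SERVFAIL)$")


def parse_log(text):
    """Yield (client, qname, rcode) for each well-formed line; skip the rest."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(2), m.group(3).lower().rstrip("."), m.group(4)


def shannon_entropy(s):
    """Bits per character; 0.0 for an empty or single-symbol string."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def sld_label(qname):
    """Second-level label, e.g. 'qxrvzkmfhd' for 'qxrvzkmfhd.org'.
    Naive: treats the last label as the suffix, so 'foo.co.uk' yields 'co';
    a real deployment would consult the public suffix list."""
    labels = qname.split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def score_hosts(records, min_nx=5, min_entropy=3.0):
    """Per-client stats. A client is suspicious when it accumulates at least
    min_nx NXDOMAIN answers whose labels average min_entropy bits or more."""
    nx_labels = defaultdict(list)
    totals = Counter()
    for client, qname, rcode in records:
        totals[client] += 1
        if rcode == "NXDOMAIN":
            nx_labels[client].append(sld_label(qname))
    report = {}
    for client, total in totals.items():
        labels = nx_labels.get(client, [])
        mean_entropy = (sum(map(shannon_entropy, labels)) / len(labels)) if labels else 0.0
        report[client] = {
            "queries": total,
            "nxdomain": len(labels),
            "mean_entropy": round(mean_entropy, 3),
            "suspicious": len(labels) >= min_nx and mean_entropy >= min_entropy,
        }
    return report


def flag_dga_hosts(text, **thresholds):
    """Sorted list of client addresses that trip the DGA heuristic."""
    report = score_hosts(parse_log(text), **thresholds)
    return sorted(h for h, s in report.items() if s["suspicious"])


if __name__ == "__main__":
    for host, stats in score_hosts(parse_log(SAMPLE_LOG)).items():
        print(host, stats)
    print("flagged:", flag_dga_hosts(SAMPLE_LOG))
```

Entropy on its own is a weak signal, since CDN and cloud hostnames are also high-entropy, which is why the score only counts names that failed to resolve: a legitimate service resolves, a DGA's unregistered candidates do not. Tune `min_nx` to the resolver's normal typo rate, and expect to add an allowlist for software that probes random names deliberately (some browsers do this to detect DNS hijacking).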
Beyond these named families, millions of compromised machines serve in smaller general-purpose botnets used for DDoS attacks and spam. These are typically controlled over IRC or HTTP, sometimes with the command-and-control server hidden behind proxies or a Tor hidden service. Tor itself is an anonymity network; what makes it attractive to an operator is that the C2 server's real address is never exposed to the bots, and so never to anyone who captures a bot's traffic.
Table of Botnets
| Botnet name | Year first observed | Approx. number of bots (peak estimate) |
| --- | --- | --- |
| EarthLink Spammer | 2000 | 1,250,000 |
| Coreflood | 2001 | 2,300,000 |
| Bagle | 2004 | 230,000 |
| Rustock | 2006 | 150,000 |
| Cutwail | 2007 | 1,500,000 |
| Akbot | 2007 | 1,300,000 |
| Srizbi | 2007 | 450,000 |
| Bayrob | 2007 | 400,000 |
| Storm | 2007 | 250,000 |
| Mariposa | 2008 | 12,000,000 |
| Conficker | 2008 | 10,500,000 |
| Sality | 2008 | 1,000,000 |
| Kraken | 2008 | 495,000 |
| Waledac | 2008 | 80,000 |
| Asprox | 2008 | 15,000 |
| BredoLab | 2009 | 30,000,000 |
| ZeroAccess | 2009 | 9,000,000 |
| Bamital | 2009 | 1,800,000 |
| Grum | 2009 | 560,000 |
| Festi | 2009 | 250,000 |
| TDL4 | 2010 | 4,500,000 |
| Kelihos | 2010 | 300,000 |
| LowSec | 2010 | 11,000 |
| Gameover Zeus | 2010 | unknown |
| Ramnit | 2011 | 3,000,000 |
| Andromeda (Gamarue) | 2011 | unknown |
| Dridex | 2011 | unknown |
| Carna | 2012 | 420,000 |
| Chameleon | 2012 | 120,000 |
| 3ve | 2013 | 1,500,000 |
| Necurs | 2014 | 6,000,000 |
| Semalt | 2014 | 300,000 |
| Emotet | 2014 | unknown |
| Bashlite | 2014 | unknown |
| Mirai | 2016 | 500,000 |
| TrickBot | 2016 | 200,000 |
| Methbot | 2016 | 100,000 |
| Retadup | 2017 | 850,000 |
| Smominru (Hexmen, MyKings) | 2017 | 525,000 |
| Hajime | 2017 | 300,000 |
| WireX | 2017 | 120,000 |
The Most Dangerous Botnet to Date
While many of the botnets listed above caused widespread damage, Conficker among them with an estimated 9 million infections within about two months of its appearance, the Emotet botnet has arguably been the most damaging of recent years.
Emotet's operators infected thousands of machines a month by spamming users with fake invoices, payment notices or shipping confirmations, often inserted into stolen legitimate email threads (thread hijacking) so that the lure appeared to come from a known correspondent, and prompting the recipient to open an attached Office document and enable its macros.
Enabling the macro ran a downloader that fetched the Emotet loader, which then spread across the network: its spreader module brute-forced SMB and administrative shares with a built-in password list, and a separate module harvested contacts and messages from Outlook to feed the next spam wave. Affected businesses lost access to shared documents and mail, suffered account lockouts and degraded network services, shared printers included, from the spreading traffic, and faced clean-up costs far beyond any direct theft.
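The lure described above has a recognisable shape at the mail gateway: an external sender, an invoice or shipping subject, a macro-capable Office attachment, and often a Reply-To that does not match the From address or a "RE:" subject with no threading headers. The script below is an added example, not code from this article or from any vendor; it parses two constructed messages with Python's standard `email` package and scores them with those heuristics. The internal domain `corp.example` and the score thresholds are assumptions.

```python
"""Triage inbound mail for Emotet-style lures: a fake invoice or shipping
notice carrying a macro-capable Office document or an archive hiding one.

Added example, not code from the original article or from any vendor.
INTERNAL_DOMAIN, the thresholds and both sample messages are constructed.
"""
import email
import re
from email import policy

INTERNAL_DOMAIN = "corp.example"   # assumed: the receiving organisation's domain
LURE_WORDS = ("invoice", "payment", "overdue", "statement",
              "shipment", "shipping", "delivery", "tracking")
MACRO_EXTS = (".doc", ".docm", ".dot", ".dotm", ".xls", ".xlsm", ".xlsb", ".ppt", ".pptm")
CONTAINER_EXTS = (".zip", ".7z", ".rar", ".iso", ".img")

# Constructed Emotet-style lure: external sender, mismatched Reply-To,
# "RE:" subject with no threading headers, .doc attachment (payload truncated).
LURE_MSG = """\
From: "Accounts" <accounts@supplier-mail.example.net>
Reply-To: billing@other-example.org
To: bob@corp.example
Subject: RE: Invoice 4471 overdue
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see the attached invoice and confirm payment today.
--b1
Content-Type: application/msword; name="Invoice_4471.doc"
Content-Disposition: attachment; filename="Invoice_4471.doc"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

# Constructed benign message: internal sender, PDF attachment.
BENIGN_MSG = """\
From: alice@corp.example
To: bob@corp.example
Subject: Q3 roadmap draft
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b2"

--b2
Content-Type: text/plain

Draft attached, comments welcome.
--b2
Content-Type: application/pdf; name="roadmap.pdf"
Content-Disposition: attachment; filename="roadmap.pdf"
Content-Transfer-Encoding: base64

JVBERi0=
--b2--
"""


def _domain(header_value):
    """Lower-cased domain of the first address in a header, '' if none."""
    m = re.search(r"@([\w.-]+)", str(header_value or ""))
    return m.group(1).lower() if m else ""


def attachment_names(msg):
    """Lower-cased filenames of all parts marked as attachments."""
    return [p.get_filename().lower() for p in msg.walk()
            if p.get_content_disposition() == "attachment" and p.get_filename()]


def triage_message(raw):
    """Score one raw RFC 822 message; returns verdict, score, reasons, attachments."""
    msg = email.message_from_string(raw, policy=policy.default)
    subject = str(msg["Subject"] or "").lower()
    from_dom, reply_dom = _domain(msg["From"]), _domain(msg["Reply-To"])
    external = from_dom != INTERNAL_DOMAIN
    names = attachment_names(msg)
    score, reasons = 0, []

    macro = [n for n in names if n.endswith(MACRO_EXTS)]
    containers = [n for n in names if n.endswith(CONTAINER_EXTS)]
    if macro:
        score += 3 if external else 1
        reasons.append(f"macro-capable Office attachment from {'external' if external else 'internal'} sender: {macro}")
    if containers and external:
        score += 2          # archives are used to smuggle the document past attachment filters
        reasons.append(f"archive attachment from external sender: {containers}")
    if any(w in subject for w in LURE_WORDS):
        score += 1
        reasons.append("invoice/shipping lure wording in subject")
    if reply_dom and reply_dom != from_dom:
        score += 1
        reasons.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    if subject.startswith("re:") and not (msg["In-Reply-To"] or msg["References"]):
        score += 1          # heuristic: claims to be a reply but carries no threading headers
        reasons.append("'RE:' subject without In-Reply-To/References")

    verdict = "quarantine" if score >= 4 else "review" if score >= 2 else "deliver"
    return {"verdict": verdict, "score": score, "reasons": reasons, "attachments": names}


if __name__ == "__main__":
    for name, raw in (("lure", LURE_MSG), ("benign", BENIGN_MSG)):
        print(name, triage_message(raw))
```

This is gateway triage, not detonation: a quarantined message still needs the document itself inspected (macro extraction or a sandbox) before anyone concludes it is Emotet. The extension lists also need maintaining, because Emotet changed its lures over time, for example moving to password-protected archives.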
Emotet was not a DDoS tool; its business was access. Once installed it acted as a loader (malware-as-a-service), and its operators sold the footholds to other criminal groups: Emotet routinely dropped TrickBot and Qbot, which in turn delivered Ryuk and later Conti ransomware. That chain is why an Emotet infection came to be treated as a ransomware precursor, with the time from the first macro execution to domain-wide encryption measured in days.
A law-enforcement operation coordinated by Europol and Eurojust took over Emotet's infrastructure in January 2021 and pushed an uninstall module to infected machines in April 2021; the botnet resurfaced in November 2021, redistributed through TrickBot.
Emotet is modular: the core loader fetches modules on demand (spam sending, credential theft from browsers and mail clients, the Outlook scraper, the SMB spreader, and third-party payloads), so its operators could add capabilities without reinfecting victims. It evaded signature-based detection by repacking its binaries frequently, often several times a day, and by resolving Windows API imports at runtime rather than listing them in the executable; it persisted through registry Run keys, scheduled tasks or a service, so hunting for it meant looking for those artefacts rather than for a fixed file hash.
Finally, because its social engineering, from convincing lure documents to hijacked email threads, kept working through every technical countermeasure, Emotet remained a major player in the criminal ecosystem for years, which is why it ranks among the most dangerous botnets ever created.