Slashdot Mirror


Two Worm "Families" Make Up Most Botnets

JMoon writes "HNS has an article about the Sdbot and Gaobot families which are responsible for most botnets worldwide. These two families were responsible for 80 percent of detections related to bots during the first quarter of 2007. Other culprits, although on a much lesser scale, included Oscarbot, IRCbot or RXbot."

2 of 176 comments

  1. And that won't change soon by Opportunist · Score: 5, Informative

    Recently, I had to put an SP1 WinXP online to demonstrate that it's (still) insecure to do that. I was expecting that the Blaster menace has somewhat dwindled since its outbreak, simply 'cause it's been a while since its outbreak.

    Boy, was I wrong!

    It took 10 seconds for the FTP to go berserk, a minute later I was a happy member of the still strongly going family of wormspreaders.

    People simply don't update their systems. It's amazing, that thing is afaik about 5 years old now, and still there are a LOT of machines existing that still blow the worm through the net.

    We're not talking about an unfixable problem, or at least one where the user has to be dumb enough to open the can for the worm (ok, bad pun). It's as simple as updating to SP2, something that works automatically.

    You actually have to disable MS Messenger to at least cease to get those annoying popup messages, so why can people disable that but not update their systems? That's simply beyond my comprehension.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  2. There's a reason for that. by Spazntwich · Score: 5, Informative

    SDBot is incredibly popular because it's open source and easily modified to sneak past most AV software with minor changes. It also has an extremely wide array of features, and tends to be very reliable.

    People without the knowledge to code their own trojan/bot from scratch will naturally gravitate towards tools which allow them to make their money more easily, and it's a real time saver.

    Or so I hear.