Slashdot Mirror


America's 10 Most-Wanted Botnets

bednarz writes "Network World ranks America's 10 most wanted botnets, based on an estimate by security firm Damballa of botnet size and activity in the United States. The leader is Zeus, with 3.6 million compromised PCs so far. The Zeus Trojan uses key-logging techniques to steal user names, passwords, account numbers and credit card numbers, and it injects fake HTML forms into online banking login pages to steal user data. At the bottom of the list is Conficker, which despite its celebrity status has compromised just 210,000 US computers so far."

18 of 84 comments

  1. slashbots by Anonymous Coward · · Score: 5, Funny

    I'm surprised the slashbots aren't on that list. They have the power to take a website offline in mere moments thanks to the power wielded by their evil overlord, CmdrTaco. He simply posts a link to the site he wants removed from the net on the front of his homepage, and the site goes offline.

    1. Re:slashbots by starglider29a · · Score: 3, Funny

      Yes, but he only wields this power for good.

    2. Re:slashbots by mcrbids · · Score: 5, Funny

      I'm surprised the slashbots aren't on that list. They have the power to take a website offline in mere moments thanks to the power wielded by their evil overlord, CmdrTaco. He simply posts a link to the site he wants removed from the net on the front of his homepage, and the site goes offline.

      Thus invoking what has been described as the greatest paradox of all time: Slashdot can remove sites from the Internet by merely posting them, yet it's quite demonstrable that none of the slashbots ever RTFA.

      So where are these mysterious article readers, and where do they come from? I'm waiting for a Scientific Expose on Nova...

      --
      I have no problem with your religion until you decide it's reason to deprive others of the truth.
    3. Re:slashbots by Culture20 · · Score: 2, Funny

      Proof that lurkers still outnumber posters. &$#^*ing leeches. They're the reason I can't RTFA. Stop reading and post something!

    4. Re:slashbots by DNS-and-BIND · · Score: 2, Interesting

      The stats are something like 95% of /. website readers never click on the comments, much less register an account and post.

      --
      Shutting down free speech with violence isn't fighting fascism. It IS fascism!
  2. Top ten lists... by Anonymous Coward · · Score: 5, Informative

    Please... If you are interested in top 10 lists, put the information from least significant to most. This makes the piece more interesting.
    Thanks.

    No. 10: Conficker

    Compromised U.S. computers: 210,000

    Main crime use: Also called Downadup, this downloader worm has spread significantly throughout the world, though not so much in the U.S. It's a complex downloader used to propagate other malware. Though it has been used to sell fake antivirus software, this crimeware currently seems to have no real purpose other than to spread. Industry watchers fear a more dangerous purpose will emerge.

    No. 9: Gammima

    Compromised U.S. computers: 230,000

    Main crime use: Also known as Gamina, Gamania, Frethog, Vaklik and Krap, this crimeware focuses on stealing online game logins, passwords and account information. It uses rootkit techniques to load into the address space of other common processes, such as Explorer.exe, and will spread through removable media such as USB keys. It's also known to be the worm that got into the International Space Station in the summer of 2008.

    No. 8: Swizzor

    Compromised U.S. computers: 370,000

    Main crime use: A variant of the Lop malware, this Trojan dropper can download and launch files from the Internet on the victim's machine without the user's knowledge, installing an adware program and other Trojans.

    No. 7: Hamweq

    Compromised U.S. computers: 480,000

    Main crime use: Also known as IRCBrute, or an autorun worm, this backdoor worm makes copies of itself on the system and any removable drive it finds -- and anytime the removable drives are accessed, it executes automatically. An effective spreading mechanism, Hamweq creates registry entries to enable its automatic execution at every startup and injects itself into Explorer.exe. The botmaster using it can execute commands on and receive information from the compromised system.

    No. 6: Monkif

    Compromised U.S. computers: 520,000

    Main crime use: This crimeware's current focus is downloading an adware BHO (browser helper object) onto a compromised system.

    No. 5: TR/Dldr.Agent.JKH

    Compromised U.S. computers: 1.2 million

    Main crime use: This remote Trojan posts encrypted data back to its command-and-control domains and periodically receives instruction. Often loaded by other malware, TR/Dldr.Agent.JKH currently is used as a clickbot, generating ad revenue for the botmaster through constant ad-specific activity.

    No. 4: Trojan.Fakeavalert

    Compromised U.S. computers: 1.4 million

    Main crime use: Formerly used for spamming, this botnet has shifted to downloading other malware, with its main focus on fake alerts and rogue antivirus software.

    No. 3: TidServ

    Compromised U.S. computers: 1.5 million

    Main crime use: This downloader Trojan spreads through spam e-mail, arriving as an attachment. It uses rootkit techniques to run inside common Windows services (sometimes bundled with fake antivirus software) or in Windows safe mode, and it can hide most of its files and registry entries.

    No. 2: Koobface

    Compromised U.S. computers: 2.9 million

    Main crime use: This malware spreads via social networking sites MySpace and Facebook with faked messages or comments from "friends." When a user is enticed into clicking on a provided link to view a video, the user is prompted to obtain a necessary update, like a codec -- but it's really malware that can take control over the computer.

    No. 1: Zeus

    Compromised U.S. computers: 3.6 million

    Main crime use: The Zeus Trojan uses key-logging techniques to steal sensitive data such as user names, passwords, account numbers and credit card numbers. It injects fake HTML forms into online banking login pages to steal user data.

  3. !Botnet by Darkness404 · · Score: 4, Insightful

    The leader is Zeus, with 3.6 million compromised PCs so far. The Zeus Trojan uses key-logging techniques to steal user names, passwords, account numbers and credit card numbers, and it injects fake HTML forms into online banking login pages to steal user data

    And how the heck does that make it a botnet? Apparently now botnet is a buzzword for any type of popular malware now. Now, if it said that it went and DDoSed websites, yes that would make it be a botnet, but this? That just is malware.

    --
    Taxation is legalized theft, no more, no less.
    1. Re:!Botnet by maxume · · Score: 5, Informative

      It is a botnet that happens to include key logging and other phishing features. It even features an EULA:

      http://jabolins.livejournal.com/16538.html

      --
      Nerd rage is the funniest rage.
    2. Re:!Botnet by Teun · · Score: 5, Informative

      Malware becomes a botnet when it can be remotely controlled and updated, that's what these ten have in common.

      --
      "The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
    3. Re:!Botnet by maxume · · Score: 3, Informative

      It highlights a confusion in the way the terms are used: I guess it might make more sense to say that a botnet is comprised of systems running botnet software, rather than systems running a botnet. Apparently in the case of Zeus, people are purchasing the software as a kit and then deploying it in order to create their own botnets, so the Zeus botnet software is the platform for more than 1 botnet.

      --
      Nerd rage is the funniest rage.
  4. Is there a reward? by gubers33 · · Score: 3, Funny

    Are they wanted Dead or Alive?

    --
    Just because you are wrong and I called you out on it doesn't mean I am a Troll.
  5. Obligatory Short Circuit quote by megamerican · · Score: 2, Funny

    Number 5: "It's nice to be wanted."

    --
    If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place -Eric Schmidt
  6. Re:"despite its celebrity status..." by rm999 · · Score: 2, Interesting

    Don't you think it's a problem that a lot of people have never heard of Zeus? I would agree with you if Conficker was the only computer worm/virus out there.

  7. Re:car analogy... by ConceptJunkie · · Score: 2, Insightful

    People don't go to the mall and leave their car unlocked*, so why do users think security on a computer is not just as important?

    20 years of Microsoft trying to convince them security isn't an issue might have something to do with it.

    --
    You are in a maze of twisty little passages, all alike.
  8. Re:I don't get it... by Joce640k · · Score: 3, Informative

    Simple: There's always a window between a virus appearing in large numbers and an antivirus updating itself. Get a copy of Virtual PC and try it yourself - get a few viruses from your daily spam. I do it every once in a while and it can take two or three days for my antivirus to kick in. Today's viruses can disable all the major antivirus programs and prevent you from rebooting in failsafe mode to delete them, so once they're in, they're in. There's no way for the antivirus to get rid of them.

    --
    No sig today...
  9. Re:car analogy... by Em Emalb · · Score: 2, Interesting

    How has Microsoft convinced anyone for the past 20 years that security isn't important? If anything, I'd say it HAS convinced people security IS important.

    --
    Sent from your iPad.
  10. Re:car analogy... by ConceptJunkie · · Score: 3, Insightful

    Microsoft has made security a real issue since about 2000, or at least acknowledged it. Since about 2004 they have actually made significant headway solving the problem. Before then, they were pretty much completely negligent on securing their system or making users aware that Windows was like a sieve.

    That adds up to about 20 years of ignoring security, the legacy of which is still causing problems today, such as the more than 10 million botted Windows machines across the world.

    --
    You are in a maze of twisty little passages, all alike.
  11. Re:I don't get it... by pandrijeczko · · Score: 2, Informative

    I thoroughly recommend the Trinity Rescue Kit precisely for this purpose and for repairing and/or cloning NTFS partitions from a bootable Linux CD.

    And, no, I'm nothing to do with any of the team who develop it, I came across it pretty much by accident and have used it ever since.

    --
    Gentoo Linux - another day, another USE flag.