The Global Botnet Threat

November 14, 2012

A botnet is a group of malware-infected computers that cybercriminals control remotely, typically to send spam or to push malware to other computers on the Internet. In the second quarter of 2012, botnet infections reached a 12-month high, and global spam volume spiked at the same time. The correlation underlines how much spam operations depend on botnets: to sustain spam volume, the botnets behind it have to keep growing.

Global Botnet Trends
Global botnet infections dropped sharply toward the end of the third quarter of 2012. Although counts fell in most regions, botnets remain a threat, and infections actually rose in Germany and Spain. According to several security experts, all known command-and-control servers for the Grum botnet, located in the Netherlands, Ukraine, Russia, and Panama, have been shut down. McAfee Labs' global tracking confirms this: the Grum-controlled computers that were used to send spam are no longer receiving commands. With Grum gone and Cutwail and Festi in decline, the threat from the leading spam botnets has diminished considerably.

Where botnet traffic originates also shifted significantly in 2012, and the same shift shows up in country-specific spam. The number of botnet senders rose in Germany, Spain, and the United Kingdom, fell significantly in Russia and South Korea, and also declined in Japan and India.

McAfee Labs researchers mapped botnet locations to show how the five most widespread botnet families are distributed across countries. Cutwail and Festi lead almost everywhere, with one significant exception: China. There, more than half of the observed botnet activity comes from families outside the top five (the "other" category), which indicates that China has its own attackers pursuing their own agendas.