
Friday, 5 September 2008

Shadowserver Bot Count Charts

The past few days have seen a great deal of attention given to several of Shadowserver's recent charts. What seems to have caught everyone's attention is the apparent rapid rise in the number of 'drone' systems, or bots. Since we've seen all kinds of speculation and conclusions, we thought we'd attempt to clarify the issue.

First, it's important to recognize what we are reporting on. There is a distinction between a 'bot' and a 'botnet'. A bot, also known as a drone, is a single compromised, or infected, system that is part of a botnet. There can be many hundreds, if not thousands, of bots within one botnet.

Shadowserver's monitoring systems allow us to report on the quantity of bots within the botnets that we're currently aware of. As we improve and expand our detection and monitoring systems, it naturally follows that we gain increased visibility into the quantity of compromised systems. This increased visibility is one component of our reported increase in bot counts. The other component, unfortunately, is the fact that the number of infected client and server systems does continue to rise.

Even with Shadowserver's expanding capabilities, we believe that we're only monitoring and reporting on a small percentage of the total problem. Botnets continue to advance in both their architecture and their methods of recruiting new bots. We have seen an alarming rate of compromise against legitimate web servers, which are then used to serve up malware to unwitting web surfers. As the surface area of infection continues to expand, so will the number of compromised systems, or bots.

So while our charts may currently indicate a “quadrupling” of the number of bots over the past three months, it is important to remember that we're just looking through a few windows into a much larger structure. The structure continues to grow, but so does our ability to utilize more windows of analysis. It will be quite interesting for us as well to see how these numbers trend over time. We certainly hope that the attention our reports have received over the past few days has further raised awareness of this serious problem. We also hope it has been a motivation for others to take steps to better safeguard both server and client systems.

=>Posted September 05, 2008, at 04:39 AM by Andre' M. DiMino - SemperSecurus