Biggest-ever criminal botnet links computers in more than 172 countries

Cybersecurity experts say that the world's biggest-ever botnet is still operating, despite the arrests of two cyber criminals, which required coordinating law enforcement across two continents.

By Staff writer / June 29, 2011

Botnets are increasingly used for both criminal and civil-disobedience purposes. Hacktivists in 'Anonymous' – such as these wearing Guy Fawkes masks in Spain on May 15 – use voluntary botnets for cyber-sit-ins, where they clog up websites with denial-of-service attacks. Criminal botnets use slaved machines to steal information.

Arturo Rodriguez / AP / File

Computer security experts say they have detected what appears to be the world's largest-ever computer "botnet," a network of millions of computers controlled clandestinely by a criminal cyber gang with roots in Eastern Europe.

No one yet knows for sure just how many million "zombie" computers are under the thrall of this still-unnamed massive botnet, but it sprawls across 172 countries, according to Unveillance, the Wilmington, Del., botnet-tracking firm that announced the discovery Wednesday.

By contrast, the huge Mariposa botnet, one of the largest ever discovered, as recently as 2009 controlled up to 12 million zombie computers in about 100 countries. Mariposa has now been neutralized by law enforcement. But this newly discovered botnet – a kissing cousin of Mariposa, built with the same "Butterfly Bot" software kit and sharing similar stealthy characteristics – has spread much farther.

"We don't know yet how many computers are part of this new network, but we can infer that it is likely to be the largest ever, based on how many countries with infected computers are connected to it and its rate of growth," says Karim Hijazi, CEO of Unveillance, in an interview. "This is a completely fresh botnet: enhanced, more advanced, and difficult to detect. We now see it has been spreading since at least 2007."

How to build a bigger botnet

Like Mariposa, the new goliath spreads via removable memory sticks and hides itself in various locations on a computer – making it difficult to remove even if you know your computer has been infected, which most people do not, Mr. Hijazi says. Because it is "polymorphic" – changing its digital signature constantly – the new baddie escapes detection by anti-virus software.

It also joins a vicious trend. Millions of criminal botnets operate on the Internet today, ranging in size from a few hundred machines to millions. In this case, the botnet grows as malicious software is spread, when removable USB drives – or smartphones, cameras or any other device plugged into one computer – get plugged into another computer. It can quickly turn a home, corporate or government computer network into just one more zombie or “bot” that will do whatever its criminal “bot master” orders it to do, all without the owner knowing anything about it.
