Researchers with Internet security group Team Cymru, headquartered in Burr Ridge, Ill., have reported that in the last six months they found a doubling of the number of botnets controlled through http – indicating easy-to-use point-and-click kits that function in a browser. The number of botnets controlled through Internet relay chat channels – a traditional command-and-control mechanism – has remained steady.
In the report just released, the group said “the kits are becoming more accessible and the easier user interface for http botnets means that they are generally favored over more traditional control mechanisms.”
Well-known Internet security blogger Brian Krebs calls it the rise of “Web Fraud 2.0.”
The hosting locations for botnet IRC channels are overwhelmingly in the U.S. and western Europe. The http servers that are used for botnet C & C are in the U.S., China, Russia and Brazil, Team Cymru said.
Team Cymru Research specializes in monitoring malicious Internet activity.
Their white paper “Developing Botnets – An Analysis of Recent Activity,” by Steve Santorelli can be found here.
Tom Kelchner