A decade of malware: Top botnets of the 2010s
(Source: zdnet.com)

Over the past decade, the information security (infosec) field has seen a near-constant rise in malware activity.
Without a doubt, the 2010s was the decade when malware exploded from a casual, semi-amateurish landscape into a full-blown criminal operation, capable of generating hundreds of millions of US dollars per year for the actors involved.
While thousands of malware strains were active in the 2010s, a few malware botnets rose above the rest in terms of spread and size, amounting to what some security researchers would call "super botnets."
Malware strains like Necurs, Andromeda, Kelihos, Mirai, or ZeroAccess have made a name for themselves after they've infected millions of devices across the globe.
This article aims to summarize the biggest malware botnets that we've seen over the past ten years. Since tracking botnets is never a 100% accurate operation, we're going to list the botnets in alphabetical order, and mention their peak size, as they were reported at the time.
3ve
3ve is considered the most advanced click-fraud botnet ever assembled. It operated from 2013 to 2018, when it was dismantled by an international law enforcement action, with help from Google and cyber-security firm White Ops.
The botnet relied on a mixture of malicious scripts running on data center-hosted servers and click-fraud modules loaded on computers infected with third-party malware, such as Methbot and Kovter.
3ve operators also created fake websites where they loaded ads and then used the bots to click on ads and generate profits. At one point, the botnet is believed to have been comprised of more than 1.5 million home computers and 1,900 servers clicking on ads loaded on more than 10,000 fake websites.
See previous ZDNet coverage, the Google & White Ops PDF report, and the Google blog post.
Andromeda (Gamarue)
The Andromeda malware was first seen in the wild back in 2011, and it's your typical "spam & malware downloader" botnet -- also known as a Malware-as-a-Service (MaaS) scheme.
By this term, we are referring to a type of malware operation where crooks mass-spam users to infect them with the Andromeda (Gamarue) malware strain. Crooks then use these infected hosts either to send out new email spam to other users, expanding or sustaining the botnet, or to download a second-stage malware strain at the behest of other (paying) malware gangs.
MaaS botnets that provide "install space" are some of the most lucrative cyber-criminal schemes around, and crooks can use different malware strains to set up the backend infrastructure for such an operation.
Andromeda is one of these types of malware strains, and has been very popular across the years. The reason for its success is that Andromeda's source code leaked online a few years back, allowing several criminal gangs to set up their own botnets and try their hand at "cybercrime."
Across the years, cyber-security firms have tracked multiple criminal gangs operating an Andromeda botnet. The biggest one known to date reached two million infected hosts, and was shut down by Europol in December 2017.
Readers can find a collection of infosec reports on the Andromeda malware on its Malpedia page, plus this one, and this one.
Bamital
Bamital is an adware botnet that operated between 2009 and 2013. It was taken down following a joint effort by Microsoft and Symantec.
On infected hosts, the Bamital malware modified search results to insert custom links and content, often redirecting users to malicious sites offering malware-laced downloads.
Bamital is believed to have infected more than 1.8 million computers.
Bashlite
Bashlite, also known under names like Gafgyt, Lizkebab, Qbot, Torlus, and LizardStresser, is a malware strain designed to infect poorly secured WiFi home routers, smart devices, and Linux servers.
Its primary and only role is to carry out DDoS attacks.
The malware was created in 2014 by members of the Lizard Squad hacking group, and its code leaked online in 2015.
Because of this leak, the malware's code has been used as the basis for most of today's DDoS botnets, and Bashlite is often the second most popular IoT malware strain, behind Mirai. Hundreds of Bashlite variants currently exist.
Bredolab
The Bredolab botnet is believed to have infected a whopping 30 million Windows computers between 2009 and November 2010, the date of its takedown, when Dutch law enforcement seized more than 140 of its command and control servers.
The botnet was built by an Armenian malware author, who used spam email and drive-by downloads to infect users with the Bredolab malware. Once infected, victims' computers would be used to send out massive quantities of spam.
Carna
The Carna botnet is not what you'd call "malware." This was a botnet created by an anonymous hacker for the purpose of running an internet census.
It infected over 420,000 inte...