
5/5/2009
10:15 AM

McAfee Report: Bot Infections Jump 50 Percent Over Last Year

Botnets have added nearly 12 million new IP addresses since January, with Conficker malware representing only around 1 percent of all infections

The number of bot-infected machines has jumped nearly 50 percent over last year, with the U.S. now home to the most zombies in the world, according to a new McAfee report released today.

And the Conficker worm -- which grabbed mainstream media attention last month -- is not a major factor in either the bot infection counts or overall infections: Conficker infections account for only about one percent of all virus detections in the first quarter of this year, according to David Marcus, director of security research for McAfee.

McAfee Avert Labs found 12 million new IP addresses performing bot operations in the first quarter, according to the report, but spam activity still has not caught up to its level prior to the McColo takedown last November. "The activity level of new zombies indicates that the spammers are working hard to regain the infrastructure lost and that volumes will return to previous levels sometime soon," the report says.

The U.S. has 18 percent of all bot-infected machines, up from 15.4 percent in the fourth quarter of 2008, surpassing China, which now has 13.4 percent, down from 15.8 percent in Q4 '08. A new hotspot for zombies is Australia, which now has 6 percent of all bots, up from 4 percent in the fourth quarter, and below 2 percent in the third quarter of 2008.

"The massive expansion of these botnets provides cybercriminals with the infrastructure they need to flood the Web with malware," says Jeff Green, senior vice president of McAfee Avert Labs. "Essentially, this is cybercrime-enablement."

Spam email has decreased to its lowest level since 2006, dropping below 90 percent of all email at its peak quarter last year. But it was still at a total of 90 percent for the year, according to the report.

Last month was a relatively dry spam spell, with 100 billion spam messages received per day versus last year's average of 153 billion. "Although email accounts and their activity vary greatly, we estimate that individuals are receiving between six and 12 fewer emails per day compared with last year," McAfee said in its report. Not to worry, however: McAfee expects spam levels to recover to their 2008 levels.

Among other highlights from the report: The Koobface virus is making a comeback, with more than 800 new variants discovered in March, and the bad guys exploited more legitimate content servers as a way to infect their victims. They've also upped the number of URL redirects to mask their whereabouts.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...
