Panda Software reports a 175% increase in new bots in 2005
Bots have consolidated their position as one of the main Internet threats in the new malware panorama. According to data provided by PandaLabs, these threats have increased by around 175 percent in 2005 with respect to the previous year, and more than 10,000 examples appeared. Bots represent more than 20 percent of the total new malware detected in 2005.
Bots (an abbreviation of “robot”) are programs that can reach computers in a number of ways and then go resident, awaiting commands from their creators, normally via IRC. The success of this threat is fuelled by its multipurpose nature, as it can execute any type of order and even update the vulnerabilities it uses in order to spread, to improve its chances of infecting computers. They are normally used to make up extensive networks, popularly known as botnets, used by their creators to take massive-scale actions, such as sending spam or distributing other malware.
“Botnets are one of the current business models of cyber-crime”, explains Luis Corrons, director of PandaLabs. “The biggest problem lies in their secrecy: a large company could be serving the interests of a group of malware creators without realizing it. Many of their computers could be at the disposal of these cyber-crooks, with all the legal implications that this might have for the company itself.”
The new focus of malware is leading to the professionalization of both the creation of malware and the search for financial returns. For this reason, the number of variants developed in a family could stretch into the thousands, a figure far too high for signature-based protection to cope with. For example, in the prolific Gaobot family, more than 6000 new variants were registered in 2005 alone.
“TruPrevent™ has neutralized around 7000 new bot variants since being introduced in August 2004, thanks to its heuristic and behavioral analysis technologies, long before signature-based systems were able to react”, adds Luis Corrons. “It is impossible to ignore the fact that each of these variants generates numerous infections and therefore the total number of zombie computers could reach hundreds of thousands.”
Botnets are a type of cyber-crime. The “herders” (those that control the botnets) use malware distributed across the Internet in order to capture and take control of new computers. They then hire out the botnet to spammers, blackmailers, etc. to launch spam, carry out denial of service attacks, distribute spyware, etc. It is a highly lucrative business at the expense of consumers and even corporate networks.
Luis Corrons concludes: “Cyber-crime nowadays takes many forms, and perhaps even more dangerous than botnets are the targeted attacks that we have witnessed recently. The recent ‘Trojangate’ scandal in Israel is a clear example. It is in situations like that where TruPrevent™ proactive protection technologies come into their own, where signature files are completely useless because of the customization and scarcity of the malware which rarely reaches antivirus companies. Until now it is a risk that companies have not considered sufficiently, but one which is no longer possible to ignore.”
About PandaLabs
Since 1990, its mission has been to analyze new threats as rapidly as possible to keep our clients safe. Several teams, each specialized in a specific type of malware (viruses, worms, Trojans, spyware, phishing, spam, etc.), work 24/7 to provide global coverage. To achieve this, they also have the support of TruPrevent™ Technologies, which act as a global early-warning system made up of strategically distributed sensors to neutralize new threats and send them to PandaLabs for in-depth analysis. According to Av.Test.org, PandaLabs is currently the fastest laboratory in the industry in providing complete updates to users (more info at www.pandasoftware.com/pandalabs.asp).