Two worm “families” make up most botnets

The Sdbot and Gaobot families are responsible for most botnets worldwide. These two families were responsible for 80 percent of detections related to bots during the first quarter of 2007. Other culprits, although on a much lesser scale, included Oscarbot, IRCbot or RXbot.

Bots are automated worms or Trojans that install themselves on computers to carry out certain actions automatically, such as sending spam, and turning the compromised computers into “zombies’. Botnets – networks made up of computers infected with bots – have become a lucrative business model. There is an underground market for renting bots in order to send spam or install spyware or adware for example.

In 2006, bots accounted for 13 percent of all new threats detected by PandaLabs. Of those, 74 percent belonged to the Sdbot and Gaobot families.

As bots are expanding, the way they are controlled is changing. Until now, most of them were controlled through IRC servers. This allows attackers to send orders while hiding behind the anonymity of these chat servers. However, now there are bots that can be controlled through Web consoles using HTTP.

Bots often reach computers in emails that use social engineering or exploit system vulnerabilities. The aim is for them to be installed silently and to operate for long periods of time without users or security companies realizing.