Friday, 2 January 2015

Spamhaus Sees Increase In Botnet Servers In 2014


The past year were more servers detected that were used by botnets to control infected computers, according to Spamhaus in a new survey published. According to the anti-spam organization comes as no surprise that there are more botnet activity was observed.


Most botnet servers are located at providers with undermanned abuse departments, inadequate abuse policy or who are not able to detect abuse on their network efficiently and fight. The areas used by cyber criminals for their botnet servers are mainly registered with registrars in countries with lax laws and enforcement against cyber crime.



Last year saw Spamhaus 7182 unique IP addresses when a botnet server was hosted. An increase of IP addresses 525 (7.88%) relative to 2013. In 48% of cases, however, it was a hacked web server. The botnet servers were hosted on different network in 1183. Most botnet servers were found in the French OVH, German and Dutch Hetzner Leaseweb. Spamhaus notes that this is just about the raw numbers and the numbers say nothing about how long a botnet server is active, or the provider responds quickly to takedown requests.


When it comes to registrars where cyber criminals domain names for their botnet server register the top 5 consists only of Russian and Chinese registrars. Furthermore, are also American registrars extended in the overview. Regarding the tld who choose the cyber criminals is most likely to domains ending in .com and .ru. Further from the survey shows that most botnet servers are used for controlling banking Trojans, Trojans that are designed to steal money from online bank accounts. 4565 servers (63.5%) were used for this type of malware.

No comments:

Post a Comment