Blue Coat systems has undertaken detailed research into the use of 'malnets' by criminals to help support their various attacks in order to uncover the best ways to take down these systems. Botnet infections are commonly spread though compromised websites seeded with malicious scripts and promoted via black hat SEO tactics such as link farms. These malware networks, or malnets, pose a growing threat,
Cracking the Code: Learn How Cyber Attackers Exploit Human Psychology
Ever wondered why social engineering is so effective? Dive deep into the psychology of cyber attackers in our upcoming webinar.Join Now
The company said the number of malnets now stands at more than 1,500, an increase of 300% in the past six months, and it expects they will be, "responsible for two-thirds of all malicious cyberattacks in 2012."
According to Blue Coat, the largest known malnet is Shnakule, which has used up to 5,005 malicious hosts or servers at any given time, depending on the capabilities needed at any given moment by its operators. Blue Coat believes that Shnakule is controlled by a single gang, and it's been used to serve up just about every type of known attack, including "fake AV attack, fake code, fake Firefox updates, C&C servers, gambling, work at home stuff, porn," said Van Der Horst. "They've got their fingers in every evil pie out there."
"Then the user's computer is infected with a Trojan," the report said. "Once the computer is compromised it can be used by the botnet to lure new users into the malnet by using the infected machine to send spam to email contact lists, for example."
"A compromised system can also be used to steal the victim's personal information or money, and, in some cases, can also function as a jumping-off point for attacks on neighboring machines," the report said.
"When security companies aggressively pursued the Zeus botnet, malnet operators simply shifted their resources to the Aleuron botnet, developing and using it in attacks," said Blue Coat's researchers.
Interestingly, the rise of malnets has also had some unexpected effects, the company claims. In August, Blue Coat reported that simple 'long tail' web searches were still far more important for serving malware than special events such as the London Olympics or breaking news.