The Bots are Back in Town

The quiet you heard was a trick.

Get It Try It

Things actually looked good there for a while. Storm crashed; so did Srizbi. But new botnets are rising and spam will again flood the information highways and continue to infect and recruit Windows computers.

Back in September 2008 the upstream providers shut out Atrivo, the company hosting the Storm worm, and the Internet enjoyed a brief and minimal recovery. Other worms running off the Atrivo network were Cutwail, Srizbi, and MegaD.

Back in November 2008 the San Jose based McColo, haven for the Atrivo refugees and credited by some with generating 75% of all spam on the Internet, was also shut down. McColos's providers Global Crossing and Hurricane Electric suddenly got cold feet and at least the latter openly pulled the plug.

Which is hardly bad news. If Bill Gates won't sell secure computers at least others can do their part to keep the Internet itself clean and free.

But good news like the above in a world where silly standalone personal systems dominate cannot last for long. One simply can't keep an unfit product like Windows down forever. In other words: the botnets will be around as long as Windows is legally allowed to connect. And the new generation of botnets are more clever than ever.

• Rustock. Contains a rootkit which of course is child's play to sneak onto a Windows system. Currently has close to 150,000 Windows zombies in its employ.
• Donbot. At least 125,000 zombies. Spam specialities include weight loss drugs, stock investment scams, debt settlement offers.
• Xarvester. At least 60,000 zombies before the demise of McColo, growing again ever since. Sends Russian language spam, pharma spam, fake diploma scams.
• Cimbot. A clever one. Part of the new generation. Perhaps only 10,000 zombies so far but can rise due to its more advanced technology.
• Waledec. A complete rewrite of Storm. Sends out bogus holiday ecard greetings. Zombies exchange updates and get their orders through an encrypted peer to peer technology. The encryption is now 1024 bit RSA - meaning it won't be broken as easily as Storm's was.

As the botnet authors write more and more code they get better and better. Symantec may claim malware's at 80% of where things were a year ago but 80% of 90% of all Internet traffic is still a lot more than legitimate traffic. And the odds will never be fair: Windows is a pushover - it's unfit for Internet use.