It seems like it’s come true, after extensive research Damballa has uncovered the biggest botnet ever, which at present has over 400,000 unique IPs (in a space of only 24 hours) which is more than double that of storm.
Imagine the kind of traffic that could produce in a concentrated DDoS attack?
Researches have unearthed what they say is the biggest botnet ever. It comprises over 400,000 infected machines, more than twice the size of Storm, which was previously believed to be the largest zombie network.
Machines from at least 50 Fortune 500 companies have been observed to be running the malicious software that’s at the heart of “Kraken,” the botnet that security firm Damballa has been tracking for the last few weeks. So far, only about 20 percent of the anti-virus products out there are detecting the malware. Just as a con artist might throw off detectives by changing his hair color or other physical characteristics, Kraken’s ability to morph its code base has allowed it to evade the majority of malware detectors.
“Kraken, despite being on all these people’s computers, has such low anti-virus coverage,” said Paul Royal, principal researcher at Atlanta-based Damballa. “Anti-virus companies can’t keep up with the arms race because of the number of variants and the frequency of the updates.”
It’s a sad fact that only 20% of AV products actually detect the malware part of the infection. Kraken morphs its’ codebase which certainly makes it more difficult to recognise. It’s also frequently updated and seem to evade even the more advanced security protection that companies use like firewalls with AV capability, IDS and IPS.
Kraken’s primary activity is sending spam that advertises high-interest loans, male-enhancement techniques, fake designer watches and gambling opportunities. Damballa has observed as many as 500,000 pieces of junk mail being sent from a single zombie.
Estimates have varied wildly for the number of bots belonging to the Storm network. While some researchers have said millions of machines have been compromised, MessageLabs in February put the number of nodes at just 85,000. Whatever the number – Damballa estimates Storm has 200,000 victim – it was believed to be the biggest.
Until now, that is. It has clearly been eclipsed by Kraken, which on March 25 was observed to have compromised 409,912 unique IP addresses during a 24-hour period. Royal predicted the number will grow to more than 600,000 in the next two weeks.
It’s sending out a scary amount of spam…with 500,000 being sent from a single IP and there being 400,000 unique IPs in the network, that’s a hell of a lot of junk mail that can be sent out in one day.
It seems like the guys doing this have a lot to gain financially so they are getting more and more advanced, more for us to fight against eh?
Source: The Register