The graphic above is from a report out today by Team Cymru, a group that monitors and studies online attacks and other badness in the underground economy. It suggests an increasing divergence in the way criminals are managing botnets, those large amalgamations of hacked PCs that are used for everything from snarfing up passwords to relaying spam and anonymizing traffic for the bad guys, to knocking a targeted host or Web site offline.
The bottom line in the graphic shows the prevalence of botnets that are managed using Internet relay chat (IRC) control channels (think really basic text-based instant message communications). The blue line trending upward depicts the number of Web-based botnets, those that the botmaster can control with point-and-click ease using a regular Web browser.
According to Team Cymru, the number of Web-based botnets has continued to climb, doubling in number over the last six months. “This trend could be explained by the low cost of entry into the HTTP based botnet field: the kits are becoming more accessible and the easier user interface for HTTP botnets means that they are generally favored over more traditional control mechanisms.”
Read more of the Team Cymru report here (.PDF).
Last month, I profiled Virtest and AV-Check, a couple of services being marketed to malware writers who want to quickly scan their creations to see how widely they are detected by commercial anti-virus tools. The graphic above is another great example of the democratization of espionage, and what I’ve called Web Fraud 2.0: Web-based services and tools that make it simple for virtually anyone to profit from online crime.
Here are a few examples of Web Fraud 2.0 I’ve written about:
Data Search Tools for ID Thieves
Faking Your Internet Address
Thwarting Anti-Spam Defenses
Distributing Your Malware
Validating Your Stolen Goods