The largest botnet is Conficker, with more than 8 million infected hosts, followed by TDSS with more than 5.5 million, Zeus with more than 3.6 million, and Koobface with more than 2.9 million, according to Kamluk, chief malware expert for Kaspersky Lab’s Global Research and Analysis Team. He told a web conference today that there are currently more than 53,000 botnet command-and-control servers on the Internet.
In fighting botnets, investigators have their hands tied by cybercrime laws around the world, Kamluk said.
The Kaspersky Lab researcher recommended that law enforcement consider taking the following steps to help investigators in fighting botnets: allow investigators to carry out mass remediation via a botnet; provide them with immunity against cybercrime laws for a particular investigation; allow them to use the resources of compromised systems during an investigation; and provide them with warrants to engage in remote system exploitation when no alternative is available.
Kamluk concluded that a procedure for getting a warrant for remote system exploitation in order to take down a botnet or disable communication within a botnet could “significantly change the threat landscape.”