Compromised machines stay compromised - Trend Micro

17 September 2009

In-depth research into botnets from Trend Micro has found that the industry estimate that compromised machines stay compromised for an average of around six weeks significantly understates the reality.

"Our research, which took in reports from around 100 million compromised machines, found that some machines were infected for more than two years, with an average of 300 days", said Rik Ferguson, a senior security adviser for Trend Micro.

"The most interesting aspect of these statistics is that there is a definite peak around the 13-month mark, suggesting that corporate machines, once compromised, stay compromised", he added.

According to Ferguson, 80% of all machines in the analysis registered as being infected for more than a month.

Trend Micro has also determined that while 75% of these compromised IP addresses are consumer locations, the remaining 25% are associated with businesses.

And, said the company, since an IP address is normally associated with the internet gateway to a computer network, many compromised machines may be associated with a single IP address.

This, Ferguson told Infosecurity, suggests that the actual business percentage of compromised machines is likely much higher than the 25% level.

Once a machine becomes compromised, it is not unusual to find it has become part of a wider botnet, he added.

"The most intriguing aspect of this research is that it flies in the face of what the industry has surmised about botnet infections previously. Either earlier estimates were wrong, or the rate of botnet infections is changing", Ferguson said.

Delving into Trend Micro's research shows that botnets control more compromised machines than had been thought. Only a handful of criminals globally (likely a few hundred) have control of more than 100 million computers, the report says.

This means that cybercriminals have more computing power at their disposal than all of the world's supercomputers combined - small wonder that more than 90% of all email worldwide is now spam.

While there isn't exactly a 1:1 correlation between the top 10 countries with compromised machines and the top spamming countries, some correlation does exist.
