Compromised machines stay compromised - Trend Micro

"Our research, which took in reports from around 100 million compromised machines, found that some machines were infected for more than two years, with an average of 300 days", said Rik Ferguson, a senior security adviser for Trend Micro.

"The most interesting aspect of these statistics is that there a definite peak around the 13 months mark, suggesting that corporate machines, once compromised, stay compromised", he added.

According to Ferguson, 80% of all machines registered in the analysis as being infected for more than a month.

Trend Micro has also determined that while 75% of these compromised IP addresses are consumer locations, the remaining 25% are associated with businesses.

And, said the company, since an IP address is normally associated with the internet gateway to a computer network, many compromised machines may be associated with a single IP address.

This, Ferguson told Infosecurity, suggests that the actual business percentage of compromised machines is likely much higher than the 25% level.

Once a machine becomes compromised, it is not unusual to find it has become part of a wider botnet, he added.

"The most intriguing aspect of this research is that it flies in the face of what the industry has surmised about botnet infections previously. Either earlier estimates were wrong, or the rate of botnet infections is changing", Ferguson said.

Delving into Micro Trend's research shows that botnets control more compromised machines than had been thought. Only a handful of criminals globally (likely a few hundred) have control of more than 100 million computers, the report says.

This means that cybercriminals have more computing power at their disposal than the entire worlds supercomputers combined - small wonder that more than 90% of all email worldwide is now spam.

While there isn't exactly a 1:1 correlation between the top 10 countries with compromised machines and the top spamming countries, some correlation does exist.

What’s Hot on Infosecurity Magazine?