Impersonator Bots See Steady Increase in Traffic

Botnets are used for a variety of tasks, for everything from legitimate and innocent search engine indexing and RSS feed compilation to mass-scale hack attacks, DDoS floods, spam schemes and click-fraud campaigns. In its latest report on the state of the bot, Incapsula found that found that malicious bot traffic is growing, while “good bot” activity continues to decline.

In 2013, bots accounted for more than 60% of all traffic flowing through Incapsula-protected domains. This year, the report found that bot traffic volumes decreased to 56% of all web visits. But while total bot activity dropped more than 10% this past year, the bulk of the decline reflects a steady drop in bots associated with RSS services.

“Our analysts’ initial assumption was that the shift was related to the Google Reader service shutdown,” the report said. “Upon further inspection, we saw that the Feedfetcher bot associated with the service was still as active as ever, while the decline in RSS bot activity was across the board. This downward trend is the main reason for the 10% drop in good bot activity and is another indication of the slow demise of RSS services.”

But, impersonator bot volume continued to grow—increasing by nearly 10% in 2014 and by over 15% since 2012. This is, in fact, the only bot category displaying consistent growth for the third year running, according to the report. These include DDoS bots having browser-like characteristics, rogue bots masked by proxy servers, and those attempting to masquerade as accepted search engine crawlers.

Overall, the firm found that roughly one in three visitors is a malicious agent.

Bot traffic to larger websites is at around 50%, while for smaller websites, bots account for 60% to above 80% of all traffic. Assuming that most websites get fewer than 10,000 visits per day, they are actually serving two to four bot sessions for every human visitor. 

What does this mean for the average website owner? Clearly, this affects their bandwidth consumption and, consequently, their bottom line. But when it comes to cyber-risk, smaller sites aren’t disproportionately affected, interestingly.

“As it turns out, malicious bots pose a categorical threat to all websites, regardless of size,” the report noted. “The average percentage of bad bots is consistently hovering around the 30% mark, regardless of website size or popularity.”

What’s Hot on Infosecurity Magazine?