Although countless botnets have circulated through the Cloud, the vast majority have been variations of a handful that spawned a school of imitators among malware authors. Of these botnet models, some have stood out both for the damage they could cause and for the number of systems they compromised.
Some of these malware families are currently dismantled, since patches have been released and antivirus products know them well and block them easily, but they could become a threat again if their original code were modified. Others are still active and could still do a great deal of damage.
Botnets
▸STORM
Storm was the largest and most widely spread botnet to date. It had the added value of being available for sale or rent to others, particularly because of its DDoS capabilities. Social engineering and spam helped it spread, but its operators also distributed it through downloads from popular websites that had been compromised, making drive-by downloads a major infection vector, with an estimated 1,000,000 to 50,000,000 infected computers.
▸CONFICKER
Conficker is the only one of these that downloads updates on its own, using signed and encrypted binaries to help it resist any cleaning action. Once version E is active, it downloads and installs Waledac to send spam. Conficker is estimated to have infected between 9,000,000 and 15,000,000 computers. SpyProtect 2009 is a variant that tries to convince potential victims to buy a fake antivirus program, when in reality what it does is launch a series of DoS attacks.
▸BUTTERFLY
Butterfly infected an estimated 1,000,000 to 12,000,000 computers. It was a keylogger: software that monitors the user's keyboard activity and records it in a log in order to capture credentials for banking sites. Those credentials were then used to send massive volumes of spam and to take control of the computer for use in DDoS attacks. The Mariposa network was available for rent.
▸ZEROACCESS
ZeroAccess can compromise a system by infecting both the hard disk MBR and critical drivers, and it is capable of disabling both the Windows firewall and antivirus software. Microsoft and the North American authorities tried to kill ZeroAccess by taking over its command and control consoles, but part of the network escaped, and those peer-to-peer elements could launch new attacks in the future.
▸METULJI
Metulji borrowed from the designs of other botnets, offered itself as a kit to other criminals, and even incorporated licensing into its resale options. In addition to participating in DDoS attacks, it logged credentials for banking sites by recording victims' keystrokes. A total of 12,000,000 computers became infected with Metulji.