F-Secure: 12 million 'active' bots worldwide

In a new report, the Finnish security vendor says botnet activity stepped up worldwide in 2008, and potential numbers of infected zombie PCs are "staggering".
Written by Vivian Yeo, Contributor

There are at least 12 million "active" bots, or zombie computers, in the world, according to a new report from security company F-Secure.

Released Thursday, the F-Secure Data Security Wrap-up 2008 for July to December noted that botnet activity around the world increased this year. While there are no available figures for the actual numbers of bots, the estimates are "staggering".

Applying a 1 percent infection rate to the 1.2 billion computers globally, F-Secure said about 12 million would exhibit bot-like behavior. The vendor pointed out that the infection estimate was very conservative and the actual number could be many times higher.

According to F-Secure, bots remain a major challenge to the IT industry, as they contribute to unprecedented levels of spam and malware distribution. Its malware count in 2008 of 1.5 million was triple that of 2007, the company added.

Many of the world's bots are "orphans" without a botmaster that waste computing resources and bandwidth, F-Secure reported. These could be machines whose command and control servers have been discovered, or those that have been taken out of service. However, such bots can still attempt to call home or carry out their assigned tasks.

During the year, F-Secure conducted a study that examined about 60 such orphaned bots. Monitoring the communication attempts of these bots yielded over 200,000 unique IP addresses within a 24-hour period. "We know that 200,000 is just the tip of the iceberg and are planning for more extensive research and anti-bot services in 2009," the company said in the report.

Botnets, warned F-Secure, will continue to grow and also adopt new technologies, such as Storm worm variants which created [...] clamping down of rogue ISPs, malware authors may implement or beef up disaster recovery plans. Stepped-up efforts to shut off command and control servers could also force cyber gangs to compete with fewer resources.
