Redundant botnets were responsible for 35% of recognized attacks in March, according to data collected by Check Point.
It said that Conficker was the most prominent family with 20% of the recognized attacks; Sality was responsible for 9.5%, and Cutwail for 4% of the recognized attacks. It said that this highlights the fact that cyber-criminals do not need to develop entirely new malware to launch damaging attacks; they simply need to make small changes to existing families to enable the updated variant to bypass traditional security measures.
Orli Gan, Head of Threat Prevention, Product Management at Check Point, told Infosecurity that the reason that so many old botnets remain active is because too few companies have advanced threat prevention technologies in place.
“I am not just saying that because I am a vendor and want to see the market grow, but the truth of the matter is a small percentage of companies actually have advanced technologies deployed,” she said. “It will take time and the more you hear about companies being hit and more damage being done, the more boardroom discussions will occur and people will ask the right questions and the right solutions will surface. It is much cheaper to buy security than to deal with an infection, but some companies really need to deal with an infection before they realize it.”
The Conficker worm was prevalent in 2009, when it was estimated to have infected more than three million PCs. The Sality virus allows remote operations and downloads of additional malware to infected systems by its operator. The Cutwail botnet mostly sent spam emails relating to Valentine’s Day or Hallowe’en.
In an email to Infosecurity Luis Corrons, PandaLabs technical director at Panda Security, said that these botnets are persistent and keep infecting people that run unprotected systems.
“Good news is that I expect this will eventually die at some point, or at least stop being that prevalent,” he said. “As old computers die and people migrate to Windows 10, the landscape changes for the better. Windows 10 will turn its own anti-virus on where there is no protection on the computer, and even though it might not be the best security solution, it can handle old threats such as Conficker and Sality.”