Botnets are currently one of the most serious threats to internet users, responsible for generating most of the internet's spam, phishing emails and denial-of-service attacks.
In its semi-annual Internet Security Threat Report, Symantec found that even as the number of zombie PCs increased by 29 percent to 6 million in the second half of 2006, the number of control servers decreased by one-quarter, as botnet owners consolidated their networks and enlarged the ones they already operated.
Forty percent of those control servers are based in the U.S., which originated the most malicious activity of any country at 31 percent, Symantec said. It was followed by China with 10 percent and Germany with 7 percent.
But China is the country where most of the physical machines making up the botnets are now located, with 26 percent of all zombie PCs. That honor was previously held by the U.S., and, up to the first half of 2005, by the U.K.
Symantec believes botnet infections grow rapidly in countries that are experiencing a sudden increase in the number of broadband connections.
Beijing is now the city with the most zombie PCs, with 5 percent of the world's total. In the EMEA region, France and Germany now have the biggest share of zombie PCs, with the U.K.'s proportion falling from 22 percent to 11 percent. Madrid is the most bot-infested city in EMEA, with 6 percent of the regional total; it's followed by London and Paris.
Symantec counted an average of 21,707 new active zombies per day in EMEA during the period measured. More than 2.3 million zombies were active at any time in EMEA, up sharply from the 1 million per day average of the previous six months.
The company found that, as predicted, attackers are shifting away from mass-mailing worms toward using Trojans, with Trojans constituting 45 percent of the top 50 malicious code samples, up 23 percent from the previous six months.
Symantec noted 12 zero-day (unpatched) bugs during the second half of 2006, up from only one the previous half.
By Matthew Broersma
Techworld.com