Botnets: Size Isn't Everything

Artwork: Diego Aguirre
Published figures estimating the size and scope of botnets are often inaccurate and do not reflect the threat these compromised networks pose to security, according to research released this week by ENISA, the European Network and Information Security Agency.

The study on botnets, which are networks of ordinary computers controlled by cybercriminals, and the threats they pose, looks at the reliability of botnet size estimates and says the total annual global economic loss attributed to malicious software activities is estimated at more than US$ 10 billion.

See also: Smartphone botnets: Report predicts mobile devices will be part of DDOS attacks

"A shift in the motivation for the creation of malicious software has led to a financially-oriented underground economy of criminals acting in cyberspace," the report states.

MORE ON THE BOTNET WAR

* What a botnet looks like

* The botnet hunters

* Report: Rustock still top dog among spam botnets

* With botnets everywhere, DDoS attacks get cheaper

[Click to Zoom]
Among the many activities botnet's are responsible for, sending out spam and taking part in denial-of-service attacks are some of the more well-known. The report's authors say existing approaches to measuring the size of botnets are often wildly off-base because there is a high incentive for exaggeration.

"Media attention, publicity and interest in receiving financial support are strongly correlated with the level of threat published," the report states. "Over the last few years, the term 'threat level' has been almost exclusively associated with the size of botnets. Well-known reported figures for botnet sizes that caught major media attention ranged from around 7-9 million bots for Conficker, over 13 million bots associated with Mariposa and up to 30 million infected machines in the Bredolab botnet. As big numbers imply big threats, therefore high attention, there is a significant incentive for overestimation."

"The botnet numbers define the political agenda and they determine 100's of millions of Euros of security investments -- we should understand what is behind them," says Dr. Giles Hogben, the report's editor. Hogben also said the size of a botnet is only one way to factor the threat it poses.

"Size is not everything -- the number of infected machines alone is an inappropriate measure of the threat," said Hogben.

Researchers suggest several tactics to mitigate the threat of botnets, including incentives for Internet Service Providers for detection efforts, and improvements in botnet identification, monitoring and malware analysis.

Subscribe to the Security Watch Newsletter

Comments