Botnets: Size isn't everything, says new report

European researchers say botnet-size estimates are often exaggerated and do little to assess the real scope of the threat

. What's this?

By , Senior Editor

March 08, 2011CSO

Published figures estimating the size and scope of botnets are often inaccurate and do not reflect the threat these compromised networks pose to security, according to research released this week by ENISA, the European Network and Information Security Agency.

The study on botnets, which are networks of ordinary computers controlled by cybercriminals, and the threats they pose, looks at the reliability of botnet size estimates and says the total annual global economic loss attributed to malicious software activities is estimated at more than US$ 10 billion.

See also: Smartphone botnets: Report predicts mobile devices will be part of DDOS attacks

"A shift in the motivation for the creation of malicious software has led to a financially-oriented underground economy of criminals acting in cyberspace," the report states.

MORE ON THE BOTNET WAR

Among the many activities botnet's are responsible for, sending out spam and taking part in denial-of-service attacks are some of the more well-known. The report's authors say existing approaches to measuring the size of botnets are often wildly off-base because there is a high incentive for exaggeration.

"Media attention, publicity and interest in receiving financial support are strongly correlated with the level of threat published," the report states. "Over the last few years, the term 'threat level' has been almost exclusively associated with the size of botnets. Well-known reported figures for botnet sizes that caught major media attention ranged from around 7-9 million bots for Conficker, over 13 million bots associated with Mariposa and up to 30 million infected machines in the Bredolab botnet. As big numbers imply big threats, therefore high attention, there is a significant incentive for overestimation."

"The botnet numbers define the political agenda and they determine 100's of millions of Euros of security investments — we should understand what is behind them," says Dr. Giles Hogben, the report's editor. Hogben also said the size of a botnet is only one way to factor the threat it poses.

"Size is not everything — the number of infected machines alone is an inappropriate measure of the threat," said Hogben.

Researchers suggest several tactics to mitigate the threat of botnets, including incentives for Internet Service Providers for detection efforts, and improvements in botnet identification, monitoring and malware analysis.

Read more about data protection in CSOonline's Data Protection section.

Other stories by Joan Goodchild

What is Tech Briefcase?
TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more
Bookmark content
Speed up your research efforts with content across the web.
Search and Store
Find the white papers you need. Create folders for any topic.
View Anywhere
Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.
Don't have an account yet?
RESOURCE CENTER