According to Check Point statistics, ‘redundant’ botnets accounted for 35% of recognized attacks in March.
The collected data shows that Conficker variants led with a 20% share, followed by Sality with 9.5% and Cutwail with 4%. The researchers conclude that malware authors do not need to launch new attacks, only to relaunch existing variants with market updates to bypass most current security.
The Conficker worm reached its peak in 2009 with an estimated three million PCs infected. Sality was first discovered in 2003 and several variants have been released since 2010; developments in this malware include the addition of rootkit capabilities. The Cutwail botnet dates from 2007, is introduced to a machine via a trojan called Pushdo and is mainly used for sending spam email. These origins and the statistics bear out Check Point’s conclusion.
Orli Gan, Head of Threat Protection at Check Point, asserted that malware developers do not need to advance their development technology, only to tweak it with updates. This is because most companies have inadequate security to deal with existing threats. She said, “…the truth of the matter is a small percentage of companies actually have advanced technologies deployed…the more you hear about companies being hit and more damage being done, the more boardroom discussions will occur and people will ask the right questions and the right solutions will surface. It is much cheaper to buy security than to deal with an infection.”
Luis Corrons of PandaLabs backed this up, saying that botnets are constantly infecting vulnerable systems: “Good news is that I expect this will eventually die at some point, or at least stop being that prevalent. As old computers die and people migrate to Windows 10, the landscape changes for the better.” This is because Windows 10 will have an integral anti-virus program. While this is not the best security, it can recognize older threats like Conficker and Sality, at least for the present.