Damballa Threat Report:
This Damballa Threat Report looks at Internet crime trends, with a specific focus on criminal command-and-control activity in North America as monitored by Damballa Labs over the first six months of 2011.
Report highlights include:
Top 10 Largest Botnets
· Only three of the Top 10 largest botnets for the first half of 2011 appeared in the Damballa Top 10 Botnets for 2010 Threat Report.
· “OneStreetTroop”, the Damballa reference to a botnet operation reliant on crimeware generated by the popular SpyEye do-it-yourself (DIY) construction set, climbed from #10 in 2010 to the #1 position for the first half of 2011.
· The prevalence of improved DIY crimeware construction kits and associated exploit packs is visible in the makeup of the results for the first half of 2011. Eight out of the Top 10 largest botnets utilize popular “off-the-shelf” construction kits.
Mobile Threats
· Over the first six months of 2011, the number of hijacked Android devices engaging in ‘live’ communications with criminal operators grew at a significant rate.
· Until recently, mobile malware abuse has been limited, to some extent, to premium rate fraud or other tactics that did not rely on a command-and-control architecture. Having mobile malware contact the criminal operator and establish two-way internet communication now makes the mobile market as susceptible to criminal breach activity as desktop devices.
· Not surprisingly, the most popular TLDs (.com, .info, .net, .org and .biz) are among the top 10 most abused by criminals.
· The TLD “.in” (India) ranked as the fifth most popular TLD for C&C use. This country code TLD has not historically been considered to be heavily abused.
· 90 percent of all “live” C&C takes advantage of the Top 10 most abused TLDs.

