Microsoft has published an incredibly detailed look at botnets, the networks of compromised network-connected computers that are one of the main distribution mechanisms for spam, malware, phishing attacks and other cyberattacks. In its latest Security Intelligence Report, Volume 9, Microsoft researchers focus on botnets and how to combat the threats they pose.
The report itself is split into multiple sections and totals more than 240 pages. Of special interest is the “featured intelligence” report on botnets, “Battling Botnets for Control of Computers.” This report provides a great overview of botnets, their history and operation. It also provides some really interesting statistics about the most active botnets during Q2 of 2010.
Because Microsoft’s Windows OS is installed on so many computers, and because it includes the company’s Malicious Software Removal Tool (“MSRT”), Microsoft is in a unique position to report on the frequency of botnet infections. The report states that the MSRT cleaned more than 4.3 million botnet infections in the US alone during the first half of 2010.
For those who aren’t up for sifting through hundreds of report pages, the BBC has a pretty good overview of some of the key findings, as well as quotes from Microsoft’s UK head of security. See “Two million US PCs recruited to botnets” at BBC News.
From a desktop standpoint, one of the key takeaways here is that users should really take advantage of the automatic update features built into Windows and other operating systems. Microsoft’s latest update (issued this week on the traditional “Patch Tuesday”) was its largest ever, with patches for more than 49 vulnerabilities (23 of them rated as highly severe), including a hole that could be exploited by the Stuxnet worm.
I’m also reminded here of the very interesting BBC “Click” program on botnets, in which BBC researchers took control of a botnet to expose its workings. As you might imagine, this caused “something of a row” as they say in the UK.