Botnet statistics

As a reminder, botnets are networks of computers infected by malicious software. A botnet master controls ‘his’ botnet remotely, without the knowledge of the owners of the infected PCs. Its main aim is to use zombie PCs to send out massive amounts of spam, carry viruses and steal users’ bank details through phishing.

In 2010, the flow of spam circulating around the world was closely linked to spam activity. The Rustock botnet was the best-known and most powerful at the time. The spam rate recorded by computer security editors during his reign was 92%. What’s more, 88.2% of spam worldwide was sent via botnets in 2010. 3.5 to 5.4 million computers were controlled by master botnets over the same period. At the time, Rustock was the world’s largest botnet, with over a million zombie computers and more than 44 billion spam messages sent worldwide every day. What’s more, the number of malware strains recorded by IT security publishers was close to 340,000 during the same year. The hackers had no trouble developing several versions of malicious code from existing polymorphic software on the market. Nearly 3,000 of them end up in the inspectors’ net. But the number of people who pass through them is not negligible either.

Faced with attacks by botnet masters, several countries decided to take significant action in 2010 and 2011. In the USA, a best practice guide has been drawn up to detect the activities of cybercriminals and protect Internet users. This document is primarily intended for Internet service providers. This practice has also been followed by a number of countries, including Germany and other European countries. The aim is for ISPs to be able to detect botnet attacks and inform affected users in good time. In Australia, Internet service providers have decided to quarantine users likely to endanger the security of others. In Japan, Internet service providers have set up a centralized platform to combat botnets more effectively. In all these initiatives, the costs will be shared between all the players.

Proportion of spam sent from zombie computers

According to our graphs, we notice a drop in the number of botnets from mid-August 2012. The graph above shows the proportion of spam received on our servers from botnets. Botnet activity peaked in the last quarter of 2006. Since August 2012, the average has fallen from a good quarter of the volume to less than 15% of overall incoming spam traffic. The highest rate was reached on December 19, 2007, when 75.3% of spam received came from zombie computers. Strangely, the lowest rate was 3.1% of spam on 12/31/2013. In previous years, rates on New Year’s Eve were more or less average for the year.

It would appear that the actions undertaken in 2010-2011 did indeed bear fruit in 2012 in terms of botnet numbers. It’s also possible that the use of botnets has been refocused on other, perhaps more lucrative activities than spamming…