Botnets continue to be a growing concern in America, allowing groups of cybercriminals to take control of systems and attack websites.
Security firm Damballa has compiled a list of the top 10 most wanted botnets in America, an estimate based on the size and activity of such attacks originating in America. Although many attacks have originated from other countries, America continues to be a mainstream target for obvious reasons ranging from its massive population to easy accessibility.
- Zeus botnet: The number 1 botnet, which has compromised over 3.6 million systems in America. The Zeus Trojan uses keylogging methods to steal private information ranging from usernames and credit card numbers to passwords and banking account numbers. Zeus is known to inject malicious code into online banking login pages to gain the ability to steal usernames and passwords.
- Koobface botnet: Koobface is well known for its recent attacks, just this year, on the Facebook, MySpace and now Twitter social networks. Koobface uses fake messages sent from compromised friends' accounts or profiles to spread malware or malicious video page links. So far 2.9 million systems in the U.S. have been compromised by Koobface.
- TidServ botnet: TidServ is a Trojan downloader that is usually propagated through spam messages as an attachment. Rogue anti-spyware or fake security applications are also known to be bundled with the TidServ Trojan infection. TidServ has compromised 1.5 million systems in the U.S. so far.
- Trojan.Fakeavalert botnet: Trojan.Fakeavalert is a spamming infection that has recently been known to download other malware infections or fake security programs such as rogue anti-spyware applications. So far Trojan.Fakeavalert has compromised 1.4 million U.S. systems.
- TR.Dlrd.Agen.JKH botnet: TR.Dlrd.Agen.JKH is another Trojan horse that uses posted encrypted data for controlling its compromised systems via certain domains. TR.Dlrd.Agen.JKH generates ad revenue for the botmaster through malicious ad activity. 1.2 million computers in America have been compromised by TR.Dlrd.Agen.JKH.
- Monkif botnet: Monkif has compromised 520,000 systems in America through the use of adware browser helper objects (BHOs).
- Hamweq botnet: Hamweq is an autorun worm infection that uses backdoors to infect systems and can be spread through autorun methods. Hamweq is also able to create registry entries for automatic execution upon startup of an infected system. Hamweq has compromised 480,000 computers in the U.S.
- Swizzor botnet: Swizzor is a Trojan dropper that is able to go undetected when downloading and executing files or applications on a victim's system. 370,000 computers have been compromised by Swizzor in America.
- Gammima botnet: Gammima is a password-stealing infection that uses rootkit methods to load into the address space of other programs or running processes. Gammima is able to spread through removable media drives and was known to infect the International Space Station during the year 2008. Gammima has compromised 230,000 systems in the U.S.
- Conficker botnet: Conficker is a well-known worm infection that is also called Downadup and Kido. Conficker has spread widely through systems around the world, yet has compromised only upwards of 210,000 systems in the U.S. Conficker propagates through a downloader and has been known to promote rogue anti-virus applications. The Conficker worm is still feared as an emerging threat in the security community.