Other culprits, although on a much lesser scale, included Oscarbot, IRCbot or RXbot.
"This dominance is not so much due to any special features of Gaobot or Sdbot, but simply because their code is much more widely available on the Internet. This means that any criminals that want to make a bot can simply base it on the source code of these threats, making any modifications they choose. Essentially, this saves them a lot of work," explains Luis Corrons, technical director of PandaLabs.
Bots are automated worms or Trojans that install themselves on computers to carry out certain actions automatically, such as sending spam, and turning the compromised computers into zombies. Botnets -- networks made up of computers infected with bots -- have become a lucrative business model. There is an underground market for renting bots in order to send spam or install spyware or adware for example.
As bots are expanding, the way they are controlled is changing. Until now, most of them were controlled through IRC servers. This allows attackers to send orders while hiding behind the anonymity of these chat servers. However, now there are bots that can be controlled through Web consoles using HTTP.
"Control through IRC is useful for controlling isolated computers. However, this system is not so useful when it comes to botnets. By using HTTP, bot herders can control many more computers at the same time, and can even see when one of them is online or if the commands have been executed correctly," explains Corrons.
Bots often reach computers in e-mails that use social engineering or exploit system vulnerabilities. The aim is for them to be installed silently and to operate for long periods of time without users or security companies realizing.
"To prevent the threat of bots it is vital to use security solutions with proactive technologies so they can detect threats without having previously identified them," concludes Corrons.
