The security industry has had a hard time defining spyware, much less eliminating it. But according to many, there's one type of spyware that's among the most dangerous: the botnet. The Anti-Spyware Coalition, the industry group striving to come up with types and risk models for spyware, defines a botnet as remote-control software covertly installed on computers that can be exploited to turn the machines into mass mailers or become part of a denial-of-service attack.
Organized into botnet armies controlled through an unknown source, these networks of compromised computers are widely believed to be available for a growing range of criminal purposes, including extortion.
According to Symantec's most recent Internet Security Threat Report, which compiles security-related data on a semiannual basis from 24,000 sensors around the world, there were 10,352 bot networks active each day in the first half of the year, an increase of more than 140% from the previous count of 4,348.
Security outfits, and telecom firms that find botnet traffic riding their pipes, see botnets quickly rising to the position of public enemy No. 1.
"Every single virus, Trojan or worm is dropping a bot," says David Perry, global director of education at Trend Micro.
Perry says he's known of a single botnet in control of 600,000 compromised machines. Botnets have been used as spam relays, and have been a source of distributed denial-of-service attacks since at least five years ago, when 15-year-old Mafiaboy managed to cripple the Web sites of Amazon.com, CNN, E-Trade and others by flooding them with unwanted traffic.
Today, botnets appear to be used to pump up numbers of visits to Web sites through compromised desktops, Perry adds.
Arbor Networks six months ago helped organize the Fingerprint Sharing Alliance so network providers could swap information about Internet attacks. "Botnets are probably the No. 1 reason that providers are working together in forums [such as this]," says Paul Morville, Arbor's director of product management. "In 2005, denial of service means botnets - tens of thousands of compromised hosts - flooding the network infrastructure itself."