Considering that a botnet is defined as “a large number of compromised computers,” the phrase “smaller botnets” sounds like an oxymoron. However, researchers from F-Secure say that cybercriminals are downsizing their botnets to make it harder for software security companies to track and contain botnet operations.

Cybercriminals turn a computer into a “zombie” via viruses or unpatched vulnerabilities. Once compromised, the computer reports back to a central node for instructions whenever it is online.

Once there are a sufficient number of zombies, this “zombie army” or botnet is used to send out spam or to mount further attacks on other machines. Controlled remotely, botnets are also increasingly rented out for as little as $100 for a couple of hours.

Excerpt from

… researchers at antivirus company F-Secure have reported seeing these large networks being broken down into smaller groups of compromised computers because the creation of large botnets is not creating as much revenue for such cybercriminals.

… The botnet bandits are also erring on the side of caution by steering away from larger botnets, because if the central server controlling such a network goes down, then the entire botnet is lost, according to F-Secure.

Mika Stahlberg, program manager of the security response team at F-Secure, summed it up. “These people don’t want to put all their eggs in one basket and are, therefore, running smaller botnets.”

Have you run across any zombie activity on the computers that you administer? How do you verify that a computer is not participating in a botnet?

