In recent weeks, CYREN has noted a dramatic increase in the number of active malware-sending bots, which appears to correlate with a slowdown in spam-sending bots. CYREN analysts see these types of fluctuations periodically throughout the year. Reasons vary, although CYREN analysts suspect that botnet owners are “repurposing” their bots with the primary objective of expanding the botnet: malware is increasing, and the reduction in spam volume comes from the cybercriminal’s desire to expand and “groom” the botnet. By using the bots to send out malware (instead of spam), the cybercriminal is able to “recruit” new bots and further mature the botnet. Once the botnet has been suitably developed, it can be repurposed to start sending out spam again.
The graph below illustrates the correlation between spam-sending and malware-sending bots. The two lines (red = spam, blue = malware) represent two different data sets that have been overlaid. While malware volume (in total numbers) never actually rises above the volume of spam at any point in the timeline, correlating the two data sets makes the peaks and valleys of botnet cybercrime clearer.
CYREN is urging companies to stay vigilant, as it is very likely that new large-scale malware attacks will increase in the coming weeks, as exemplified in our post of 5 November, “UPDATE: CYREN Continues to Analyze Significant Malware Attack”.
If there is one reason to have good zero-hour protection, times like this are it. To learn more about virus outbreak detection technology, visit CYREN Virus Outbreak Detection.