Another technique used to hide botnets from security firms is to expose only a small proportion of their zombies at any one time, cycling their use over a period of several days and limiting the amount of spam sent from each to minimise the risk of them appearing in blacklists of known spam-sending IP addresses.
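The rotation described above defeats any blacklist that scores senders one IP and one day at a time. As an added illustration (not code from the article or from MessageLabs), the Python below simulates 30 bots of which only 10 are active on any given day, each sending a handful of messages; a per-IP daily threshold never fires, while correlating the shared content fingerprint across the whole window exposes all 30. The IPs, template names, day count and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import date, timedelta

# Constructed sample data (not from the article): 30 rotating bot IPs and one legitimate sender.
BOT_IPS = [f"203.0.113.{i}" for i in range(1, 31)]
LEGIT_IP = "198.51.100.7"
START = date(2009, 6, 1)


def build_sample_records():
    """Simulate the rotation the article describes: each day only 10 of the 30
    bots are active, each sending 5 copies of the same campaign template."""
    records = []  # (day, source_ip, content_fingerprint)
    for d in range(3):
        day = START + timedelta(days=d)
        for ip in BOT_IPS[d * 10:(d + 1) * 10]:
            records += [(day, ip, "campaign-A")] * 5
        # A legitimate newsletter: higher daily volume, but varied content fingerprints.
        records += [(day, LEGIT_IP, f"newsletter-{d}-{n}") for n in range(20)]
    return records


def naive_daily_blacklist(records, threshold=50):
    """Flag an IP only if it exceeds a per-day volume threshold (assumed value);
    this is exactly the check that low-volume rotation is designed to stay under."""
    counts = defaultdict(int)
    for day, ip, _ in records:
        counts[(day, ip)] += 1
    return {ip for (_, ip), n in counts.items() if n >= threshold}


def correlate_campaigns(records, min_distinct_ips=20):
    """Group by content fingerprint over the whole multi-day window: one template
    arriving from many distinct low-volume senders is a rotating botnet, not a
    single noisy host, so every sender of that template is flagged."""
    senders = defaultdict(set)
    for _, ip, fp in records:
        senders[fp].add(ip)
    flagged = set()
    for ips in senders.values():
        if len(ips) >= min_distinct_ips:
            flagged |= ips
    return flagged


if __name__ == "__main__":
    recs = build_sample_records()
    print("daily blacklist:", naive_daily_blacklist(recs))  # empty: every bot stays under threshold
    print("campaign correlation:", len(correlate_campaigns(recs)), "IPs flagged")
```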
Until recently, botnet controllers had to recruit one PC at a time. But with the advent of 'generic droppers' like Bredolab, larger botnets can be assembled for a spam campaign or something more sinister.
Cyber criminals can purchase the control of thousands of already-compromised PCs, recruited en masse for their botnet. This moves botnet recruitment from a random, scattergun approach to a more commoditised recruitment campaign. The only limitation to the size of the botnet is how much the criminals are prepared to spend.
MessageLabs Intelligence estimates there are about five million bots or zombie PCs around the globe actively producing exorbitant amounts of spam. It takes only hundreds, not thousands, of zombie PCs to launch a successful DDoS attack against a typical web server, and cyber criminals often prefer to spread the workload across several thousand computers to better avoid detection.
The zombie PCs that make up botnets are recruited largely from inadequately-protected domestic PCs, but there are also a plethora of compromised business networks. Conventional firewalls that don't inspect HTTP streams - the preferred C&C mechanism for many contemporary botnets - are usually inadequate, as is conventional antivirus software on its own.
Businesses should minimise the risk of becoming part of a botnet by filtering internet traffic for spam and other malicious or harmful content before it reaches their corporate network.
All eyes are now on the cloud, whether private or public, to fight the 'Botwar'. Traditional desktop appliances are no longer flexible or strong enough to keep defences running around the clock.
With all the will in the world it will be almost impossible to eradicate the problem using technology alone. The most effective way to stop botnets is by turning the internet against them, using the fabric of the cloud as a catalyst to kill the botnets.
Adrian Covich is a principal systems engineer at Symantec Hosted Services.