The Channel logo


By | Darren Pauli 22nd June 2015 06:56

US is the world's botnet mothership, says Level 3

Not the way you want to lead the globe

Level 3 Communications says America is home to more botnet command and control servers, edging out the Ukraine, with Russia only managing third place.

Command and control servers, used to maintain vast botnet scourges, are active for about 30 days before being taken down by operators located all over the world or by local police authorities.

The Level 3 research paper says the US is a good place for command and control servers given its reliable network infrastructure and that connections to the country are not unusal for many western organisations.

"An average of 20 percent of the command and control servers we tracked were based in North America with a nearly equal amount launching from the Ukraine and Russia combined," the report [PDF ] says.

"Unusual communications to these countries should be automatic red flags for IT and security organisations.

"A review of whether servers should be communicating, authenticating or transferring data with endpoints in certain high-risk countries can be a predictor of potential threats to your environment or an indicator of a potential compromise."

The UK chalked up sixth spot while Australia with its vast empty spaces did not feature in the global report that tracked 1000 command and control servers during the first quarter this year.

Of the monitored botnets some 600 were targeting corporate environments.

"Left unchecked, these command and control servers have the potential to disrupt business and destroy critical information assets."

Level 3 describes for report readers some of the latest botnet threats including the SSHPsychos bot that at its peak accounted for 35 percent of all SSH traffic.

That bot was left battered after the company together with Cisco Talos sought to take it down and prevent its automated SSH brute-force attacks against Linux servers.

The company says gaming outfits and internet providers were the hardest hit by botnet distributed denial of service attacks many operating from booter services.

It recommends buisness investigate unusual communications between high-risk countries, double check port scanning attempts which may indicate more nefarious botnet attacks, and keep tabs on DDoS attack profiles. ®

comment icon Read 14 comments on this article or post a comment alert Send corrections


Frank Jennings

What do you do? Use manual typwriters or live in a Scottish croft? Our man advises
A rusty petrol pump at an abandoned gas station. Pic by Silvia B. Jakiello via shutterstock

Trevor Pott

Among other things, Active Directory needs an overhaul
Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella


League of gentlemen poster - Tubbs and Edward at the local shop. Copyright BBC
One reselling man tells his tale of woe