2009 is the year of the botnet

The botnet herders are making it increasingly difficult to track down their bots

Malicious web sites and botnet activity continued to dominate the cyber securiy landscape over the past 12 months, with 10 major botnets now controlling at least five million computers, according to Symantec's MessageLabs Intelligence division.

The firm's MessageLabs Intelligence 2009 Security Report launched today reported that the average number of new malicious web sites blocked each day rose 7.6 per cent from 2008 to 2,465. It also found an overwhelming majority of the blocked domains – 80 per cent – were legitimate sites that had been compromised.

The report also warned of an increasing sophistication in botnet activity during 2009, with command and control channels becoming harder to pinpoint and take down – a trend senior analyst for the firm Paul Wood said could "get worse in the short term".

"The McColo outage had a huge impact on spam volumes as it took a few weeks for spammers to recover, but we've seen this year botnet technology has evolved so that there is no longer a single point of failure," he added.

"So when we've seen other ISPs taken offline it has not had the same impact as McColo – it's taking hours or days not weeks to recover."

He also warned that while the amount of spam being sent out from botnets such as Cutwail, Rustock and Mega-D actually dropped in 2009, there is still "the huge potential for increases in the New Year".

The report highlighted the continued impact of Captcha-breaking tools, which are now readily accessible on the internet and have led to widespread hacks on social networking and webmail sites.

"The hackers then take advantage of these domains in order to make it harder for security software to make a judgement on whether they're malicious or not," said Wood.