Botnet is a group of computers, also called zombie-computers, infected with malicious software. Last year Tinba banking Trojan was described as the biggest botnet. In the mid-2015 it achieved an significant increase of activity whereas the highest level of infection was recorded only for few days throughout the year. The daily average number of computers infected with Tinba amounted to 4,300 IP addresses. CERT Polska specialists claim that the leak of the Tinba’s source code in the mid-2014 surely influenced its popularity. As the result there were many various types of bots used both by amateur criminals, just beginning their contact with malware, as well as by professional criminals.
The second place went to Conficker, a giant botnet, which was redirected to the sinkhole server in 2009 where its traffic was monitored and analysed in detail. Since then CERT Polska experts have observed a slow decline in the number of reported devices infected with malicious software of this type. In the annual bot ranking Conficker has lost its leading position for the first time.
- Malicious software created nowadays by cybercriminals – such as Tinba – differs from that what we observed few years ago. Before one of the main goals was to infect the largest number of devices – as Conficker did – and then an attempt to use gathered data. While today’s malware has limited but well-defined circle of „recipients” and is well-prepared from social engineering side – says Piotr Kijewski, the Head of CERT Polska. In order to avoid becoming a victim of cybercriminals you must first approach carefully to emails and messages that you get on your computer or smartphone, especially those demanding to reveal sensitive data or encouraging to click on a link or attachment – adds Piotr Kijewski, the Head of CERT Polska.
The statistics are based on the data gathered in the n6 platform - the system created by CERT Polska for collection, management and distribution of security-related information. Within the n6 project, 100,000 of security events are processed daily in an automated manner.
Detailed information on cybersecurity issues in Poland in 2015 will be soon presented in the annual report.