The volunteer white hats of Shadowserver, a nonprofit organization dedicated to battling the bot scourge, maintain a count of how many bot-infected PCs they see with their distributed Internet sensors. In mid-June that count began to climb dramatically, eventually exploding from a sample set between 100,000 and 200,000 for most of the year to a peak of about 500,000 in mid-September.
Since Shadowserver's sensors don't see every botnet, the total number of bot-infected machines is almost certainly a good deal larger. And some of the apparent increase stems from Shadowserver's having launched more sensors. But "there are clearly more bots and infected PCs," says André M. DiMino, a Shadowserver founder. "There's a rise in the surface area of infections and consequently the number of bots we're seeing."
Some experts tie the botnet rise to a recent wave of Web-based attacks. SQL injection, a type of assault against online applications, can crack open vulnerable but otherwise benign Web sites and allow a malicious hacker to insert booby-trapped code. When someone unknowingly browses a poisoned site, the triggered booby trap invisibly hunts for exploitable software holes through which it can install a bot or other malware. Once it infects a PC, a bot contacts a server on the Internet to pick up commands, such as to steal financial-site log-ins, from its thieving controller.
"At the time when this jump [in the number of bot-infected machines] started," says John Bambenek, an incident handler at the Internet Storm Center (ISC), "there was a round of SQL injection attacks against thousands of Web sites." The ISC is another volunteer organization that tracks widespread Internet attacks.
Innocent Sites Suffer