A paper recently published by Damballa digs into the relationship between malware and botnets.
Here are some interesting points:
- A single malware does not correspond to a single botnet
- Professional malware kits available for a few thousand dollars can bypass most antivirus technologies and often come with 24x7 support and a money-back guarantee for evading antivirus
- Malware kits can generate different variants with different encryption keys, communication methods, and admin passwords.
- The list of DIY malware toolkits is growing
- Criminals are using multiple, different kits to build armories of bot agents, so no single detection algorithm or cleaning process will be capable of wiping out an entire botnet.