- Elsevier - Computer Networks
- 2012 - Botnets: A survey
- Sérgio S. C. Silva, Rodrigo M. P. Silva, Raquel C. G. Pinto, and Ronaldo M. Salles
|1993||EggDrop||Centralized/IRC||-||Recognized as one of the first popular IRC bots|||
|1998||GTbot||Centralized||-||IRC-based bot that uses mIRC scripts||[7,21,40]|
|2002||SDbot||Centralized/IRC||-||Uses its own IRC client for better efficiency. Can also use instant-messaging programs and has reached more than 4000 variants||[7,20,40,41]|
|||Agobot||Centralized/IRC||-||Robust, modular, flexible and uses a persistent C&C channel||[7,19,42]|
|2003||Spybot||Centralized||-||Derived from Agobot with more features||[7,16,18]|
|||Sinit||P2P||-||Uses random scanning to find other peers||[41,43]|
|||Forbot||Centralized||-||Derived from Agobot|||
|||Phatbot||P2P||-||Based on the WASTE P2P network||[7,41]|
|2006||SpamThru||P2P||12,000||SpamThru uses a custom P2P protocol to share information with other peers|||
|||Nugache||P2P||160,000||Connects to a predefined list of peers||[47,48]|
|||Jrbot||Centralized||-||IRC-based bot with a persistent channel|||
|||Rxbot||Centralized/IRC||-||IRC-based bot with a persistent channel|||
|||Rustock||Centralized/HTTP||150,000||Bot responsible for 30 billion messages per day, the largest botnet observed in 2010. Was deactivated in 2011.||[46,50,51]|
|2007||Storm||Centralized||160,000||Was considered one of the most powerful botnets, with high processing power, capable of disconnecting entire countries||[46,48,52,53]|
|||Peacomm||P2P||160,000||Storm variant based on Kademlia network||[48,52,53]|
|||Pushdo||Centralized/HTTP||175,000||Encrypts C&C messages and is capable of sending 4.500 messages in an hour per bot||[50,54]|
|||Srizbi||Centralized/HTTP||400,000||In 2008, it was one of the main botnets responsible for sending spam, approximately 50% of all traffic, approximately 80 to 60 billion messages per day||[46,55]|
|||Zeus/Zbot||Centralized/HTTP||3,6 millions||Allows the creation of new bots, with more than 3000 variants||[56–58]|
|||Mega-D||P2P||500,000||Became responsible for 1/3 of all spam traffic, was shut down in 2008||[50,59]|
|2008||Lethic||Centralized||260,000||Initially discovered in 2008, mainly involved in pharmaceutical and replica spam, was responsible for 8–10% of all the spam sent worldwide.|||
|||Asprox||Centralized/HTTP||15,000||In addition to sending spam, it is able to perform SQL Injection on legitimate websites|||
|||Bobax||Centralized/HTTP/UDP||185,000||Employs dynamic DNS and an algorithm for generating domains||[41,46]|
|||Kraken||Centralized||400,000||A variant of Bobax||[61,62]|
|||Torpig||Centralized||180,000||Typically targets bank account and credit-card data, and also steals a variety of other personal information|||
|||Conficker||P2P||10,5 millions||In 2009, a coalition of security researchers was created to study Conficker, although some researchers do not consider it a bot/botnet||[64,65]|
|2009||Waledac||P2P||80,000||Successor of the Storm bot, was used for sending spam (7000 posts per day), shut off in 2010||[50,66,67]|
|||Donbot||Centralized/TCP||125,000||It uses a specific protocol for the C&C server using TCP ports above 2200|||
|2010||Festi||Centralized/HTTP||-||Sends an HTTP request message to the C&C, which responds with encrypted templates of spam and/or a list of addresses|||
|2011||TDL-4||P2P||4,5 millions||Has infected up to 4.5 million PCs in 2011, identified as one of the most sophisticated threats today. "It is virtually indestructible", according to security researchers|||
 P. Bacher, T. Holz, M. Kotter, G. Wicherski, Know Your Enemy: Tracking Botnets (using honeynets to learn more about bots), Technical Report, The Honeynet Project, 2008.
 C. Li, W. Jiang, X. Zou, Botnet: survey and case study, in: Fourth International Conference on Innovative Computing, Information and Control (ICICIC), 2009, pp. 1184–1187.
 Symantec, Spybot worm, 2003 <http://www.symantec.com/securityresponse/writeup.jsp?docid=2003-053013-5943-99>.
 T. Micro, Worm AgoBot, 2004 <http://about-threats.trendmicro.com/ArchiveMalware.aspx?language=us&name=WORMAGOBOT.XE>.
 T. Micro, Worm SDBot, 2003 <http://about-threats.trendmicro.com/ArchiveMalware.aspx?language=us&name=WORMSDBOT.AZ>.
 G. Macesanu, T. Codas, C. Suliman, B. Tarnauca, Development of GTBoT, a high performance and modular indoor robot, in: IEEE International Conference on Automation Quality and Testing Robotics (AQTR), vol. 1, 2010, pp. 1–6.
 EggHeads, EggHeads.org-eggdrop development, 1993 <http://eggheads.org/>.
 Dumbledore, Well Known Bot Families, 2001 <http://dumbledore.hubpages.com>.
 T. Yen, M.K. Reiter, Traffic aggregation for malware detection, in: Proceedings of the 5th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA’08, Springer-Verlag, Berlin, Heidelberg, 2008, pp. 207–227.
 Symantec, W32.Gaobot.CEZ, 2002 <http://www.symantec.com>.
 R. Schoof, R. Koning, Detecting Peer-to-Peer Botnets, Technical Report 1, University of Amsterdam, 2007.
 Symantec, Messagelabs Intelligence, in: Security Response, Symantec, 2010.
 L. Liu, S. Chen, G. Yan, Z. Zhang, BotTracer: Execution-Based Bot-Like Malware Detection, in: T. Wu, C. Lei, V. Rijmen, D. Lee (Eds.), Information Security, Lecture Notes in Computer Science, vol. 5222, Springer, Berlin/Heidelberg, 2008, pp. 97–113. doi:10.1007/978-3-540-85886-7_7.
 G. Keizer, Top botnets control 1 m hijacked computers, 2008 <http://www.computerworld.com>.
 T. Wilson, Competition may be driving surge in botnets, spam, 2008 <http://www.darkreading.com>.
 S. Stover, D. Dittrich, J. Hernandez, S. Dietrich, Analysis of the storm and nugache: P2p is here, in: Proceedings of the 4th USENIX Workshop on Cyber Security Experimentation and Test (CSET’11), USENIX Association, 2007.
 G. Gu, J. Zhang, W. Lee, BotSniffer – detecting botnet command and control channels in network traffic, in: 15th Annual Network & Distributed System Security Symposium, The Internet Society (ISOC), San Diego, 2008.
 Spam botnets to watch in 2009, 2001 <http://www.secureworks.com>.
 C. Miller, The Rustock Botnet Spams Again, 2008.
 T. Holz, M. Steiner, F. Dahl, E. Biersack, F. Freiling, Measurements and mitigation of peer-to-peer-based botnets: a case study on storm worm, in: Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats, USENIX Association, Berkeley, CA, USA, 2008.
 C. Davis, J. Fernandez, S. Neville, J. McHugh, Sybil attacks as a mitigation strategy against the storm botnet, in: 3rd International Conference on Malicious and Unwanted Software, MALWARE 2008, 2008, pp. 32–40.
 S. Works, Pushdo – Analysis of a Modern Malware Distribution System, 2008 <http://www.secureworks.com>.
 J. Kirk, Spammers Regaining Control Over Srizbi Botnet, 2008 <http://www.pcworld.com>.
 E. Messmer, America’s 10 Most Wanted Botnets, 2009 <http://www.networkworld.com>.
 K. Stevens, D. Jackson, Zeus Banking Trojan Report, 2010 <http://www.secureworks.com>.
 J. Hruska, New Mega-d Menace Muscles Storm Worm Aside, 2008 <http://arstechnica.com>.
 R. Borgaonkar, An analysis of the asprox botnet, in: Fourth International Conference on Emerging Security Information Systems and Technologies (SECURWARE), 2010, pp. 148–153.
 K.J. Higgins, New Massive Botnet Twice the Size of Storm, 2008 <http://www.darkreading.com>.
 A. Moscaritolo, Kraken botnet re-emerges 318,000 nodes strong, 2010 <http://www.scmagazineus.com>.
 B. Stone-Gross, M. Cova, B. Gilbert, R. Kemmerer, C. Kruegel, G. Vigna, Analysis of a botnet takeover, Security Privacy, IEEE 9 (2011) 64–72.
 Experts bicker over conficker numbers, 2001 <http://news.techworld.com>.
 Symantec, The downaduo codex, in: Security Response, Symantec, 2009.
 D.-I. Jang, M. Kim, H.-C. Jung, B. Noh, Analysis of HTTP2P botnet: case study waledac, in: IEEE 9th Malaysia International Conference on Communications (MICC), 2009, pp. 409–412.
 G. Sinclair, C. Nunnery, B. Kang, The waledac protocol: the how and why, in: 4th International Conference on Malicious and Unwanted Software (MALWARE), 2009, pp. 69–77.
 Tdl-4 top bot, 2011 <http://www.securelist.com>.