All in all, the setup used by today's malware writers makes it very difficult for IT security pros to defend against their wares.
Botnets aren't just for their creators anymore. Having more than likely bought the malware program that creates the bot, today's owners will either use the botnet for themselves or rent it to others by the hour or another metric.
The methodology is familiar. Each version of the malware program attempts to exploit thousands to tens of thousands of computers in an effort to create a single botnet that will operate as one entity at the creator's bidding. Each bot in the botnet eventually connects back to its C&C (command and control) server(s) to get its latest instructions. Botnets have been found with hundreds of thousands of infected computers.
But now that there are so many active botnets (literally tens of millions of infected computers each day), botnet rentals are fairly cheap, meaning all the more problems for IT security pros.
Malware fighters will often attempt to take down the C&C servers and/or take over their control so that they can instruct the connecting bots to disinfect their host computers and die.
Today's sophisticated malware programs often offer all-in-one, soup-to-nuts functionality. They will not only infect the end user but also break into websites and modify them to help infect more victims. These all-in-one malware programs often come with management consoles so that their owners and creators can keep track of what the botnet is doing, whom it is infecting, and which ones are most successful.
But it's not entirely a matter of Webmasters' computers being exploited that's leading to the rise in Web server compromises. More often, the attacker finds a weakness or vulnerability in a website that allows them to bypass admin authentication and write malicious scripts.