Research from security vendor Finjan suggests that enterprise IT shops are losing the war against those who would hijack company PCs for botnets. Almost half the victims are in the US, with the UK in second spot with 6 percent, and most use Internet Explorer (IE).
Finjan's Malicious Code Research Centre (MCRC) uncovered a network of 1.9 million Trojan horses running on corporate, government and consumer computers around the world during an investigation of command-and-control servers run by botnet herders from the Ukraine and elsewhere.
One server, launched in February but later shut down, was hosted in the Ukraine and controlled by an online gang of six people who managed to establish a vast Trojan distribution network.
"Hackers keep looking for improved ways to distribute malware and Trojans are winning the race. The sophistication of the crimeware and the staggering amount of infected computers proves these people are raising the bar," Finjan CTO Yuval Ben-Itzhak said. "Corporate and governmental data remain prime targets, especially computers in the US and the UK which are under attack, and need to protect themselves."
Based on posts found on various hacking forums, researchers believe 1,000 hijacked computers are being rented out for $100-$200 (£70-£140) a day. The bad guys can make $190,000 a day for renting a botnet of 1.9 million infected computers.
The Trojan horse programs are silently dropped on computers when the user visits compromised websites that hide the malware. The giant command-and-control server the researchers uncovered includes the IP addresses of infected machines as well as the names of the computers running the Trojan horse inside corporate and government networks.
Computers in 77 government-owned domains (.gov) from the US, UK, Brazil, Turkey and India have been compromised and are running the Trojan horse. The malware is remotely controlled by hackers, who use it to deliver almost any command on the end-user computer as they see fit, including reading emails, copying files, recording keystrokes, sending spam, and making screenshots.
Here's the global spread of infected computers in percentages, based on Finjan's findings:
* US: 45 percent
* UK: 6 percent
* Canada: 4 percent
* Germany: 4 percent
* France: 3 percent
* Other: 38 percent
The Trojan horse is infecting computers running Windows XP and using the following browsers to hunt its prey:
* Internet Explorer: 78 percent
* Firefox: 15 percent
* Opera: 3 percent
* Safari: 1 percent