“And what about the guilty party here – the Optima bot? Well, it first appeared at the end of 2010 on the Russian-speaking cybercrime black market and quickly achieved popularity. Apart from DDoS attacks, the bot’s functionality includes downloading other executable files and stealing passwords for a number of popular programs (FTP clients, IM, email clients, browsers, etc.).
“As for the botnet’s size, we don’t have any definitive information, but there are indirect pieces of information that can help us estimate how big it is. During the DDoS attacks described above, Optima bots also received commands to download new versions of Trojan-Downloader.Win32.CodecPack (you’ll soon be able to read more about this interesting Trojan in an upcoming analytical research article). The fact that CodecPack is distributed via this botnet suggests that this particular Optima botnet is probably big, because the CodecPack owners will only ‘collaborate’ with the biggest botnets on the market. For participation in their program, the CodecPack owners require botnets maintaining at least tens of thousands of infected machines before they will do business with any potential bot herder.”
LiveJournal under attack, by Maria Garnaeva, Kaspersky Lab Expert, SecureList.com, April 06, 2011
The LJ thing was just annoying, now it’s scary. Well, it is to me. Watch out! The Bot Herders might getcha.