The internet "boom" and the massive increase in the use of e-mail created ideal conditions for the appearance of botnets. In fact, as you will see below, most of the botnets detected to date are somehow related to sending enormous amounts of e-mail, especially spam. Be aware that the estimated numbers of bots presented below are just that, estimates, because in some countries it is common for users to change their IP address several times a day.
Bagle
Est. no of bots: 230 000
Bagle (also known as Beagle) is a mass-mailing computer worm affecting all versions of Microsoft Windows. Bagle uses its own SMTP engine to mass-mail itself as an attachment to recipients. It copies itself to the Windows system directory and opens a backdoor.
Rustock
Est. no of bots: 150 000
The Rustock botnet consisted of computers running Microsoft Windows and was capable of sending up to 25,000 spam messages per hour from an infected PC. To increase its size, the botnet self-propagated by sending malicious e-mails carrying a trojan that would incorporate the targeted machine into the botnet.
Akbot
Est. no of bots: 1 300 000
Akbot is an IRC-controlled backdoor program that allows an outside user to take control of the infected computer. It operates by joining IRC servers and then waiting for further instructions. Once installed, Akbot can be used to gather data, kill processes, or perform DDoS attacks.
Cutwail
Est. no of bots: 1 500 000
The Cutwail botnet is mostly involved in sending spam e-mails. Typically, it uses a Trojan component called Pushdo to infect a machine. It affects computers running Microsoft Windows.
Srizbi
Est. no of bots: 450 000
The Srizbi botnet is mainly involved in sending spam e-mails. It infects computers with the Srizbi trojan, which allows spam to be sent on command.
Mariposa
Est. no of bots: 12 000 000
The Mariposa botnet is mainly involved in cyberscamming and denial-of-service attacks. It is one of the largest known botnets, with up to 12 million unique IP addresses.
Sality
Est. no of bots: 1 000 000
Sality is a family of malicious software which infects files on Microsoft Windows systems. Machines infected with Sality are able to communicate over a peer-to-peer (P2P) network for the purpose of relaying spam, proxying of communications, exfiltrating sensitive data, compromising web servers and/or coordinating distributed computing tasks for the purpose of processing intensive tasks (e.g. password cracking).
Conficker
Est. no of bots: 10 500 000+
Conficker, also known as Downup, Downadup and Kido, is a computer worm targeting the Microsoft Windows operating system. The botnet uses flaws in Windows OS software and dictionary attacks on administrator passwords to propagate itself.
Grum
Est. no of bots: 560 000
The Grum botnet, also known by its aliases Tedroo and Reddyb, was a botnet mostly involved in sending pharmaceutical spam e-mails. It relied on two types of control servers for its operation. One type was used to push configuration updates to the infected computers, and the other was used to tell the botnet what spam e-mails to send.
BredoLab
Est. no of bots: 30 000 000
The BredoLab botnet, also known by its alias Oficla, was a botnet mostly involved in viral e-mail spam.
Kelihos
Est. no of bots: 300 000+
The Kelihos botnet, also known as Hlux, is mainly involved in the theft of bitcoins and spamming.
TDL-4
Est. no of bots: 4 500 000+
TDL-4 is a botnet and the name of the rootkit that runs the botnet (also known as Alureon). It infects the master boot record of the target machine, making it harder to detect and remove.
Ramnit
Est. no of bots: 3 000 000
Ramnit is a computer worm affecting the Windows operating system. The Ramnit botnet was dismantled by Europol and Symantec securities in 2015.
ZeroAccess
Est. no of bots: 2 000 000
ZeroAccess, also known as Max++ and/or Sirefef, is a botnet mostly involved in bitcoin mining and click fraud. It uses Trojan horse malware that affects Microsoft Windows operating systems and downloads other malware onto an infected machine while remaining hidden by using rootkit techniques.
Nitol
Est. no of bots: unknown
The Nitol botnet is mostly involved in spreading malware and distributed denial-of-service attacks. It is most prevalent in China, where an estimated 85% of the infections are detected. It was found to be present on systems that came brand-new from the factory, indicating the trojan was installed somewhere during the assembly and manufacturing process.
Semalt (aka Soundfrost)
Est. no of bots: 300 000+
Semalt is a botnet mainly involved in sending spam e-mails. It visits random websites to generate referrals and spies on users' browsing habits.
This list demonstrates that there have been several botnets that were able to reach a large size, infecting thousands (or even millions) of machines. Most of the botnets presented were related to sending spam, but it is also noticeable that there has been an evolution and they tend to do more than just that. Botnets have also become more complex, making them harder to dismantle.