Security firm MessageLabs reports cybercriminals have responded to the takedown of several major botnets by creating more ruggedised botnets that are less vulnerable to disruption.
The shutdown of botnet-hosting ISPs - such as McColo in late 2008 and Real Host in August 2009 - has forced hackers to re-engineer botnets so that the reins of the command and control system can be picked up within hours, instead of the weeks of confusion that followed the McColo shutdown.
Paul Wood, MessageLabs Intelligence senior analyst at Symantec, explained: "Hackers have re-engineered malware to make it less vulnerable to disruption. Trojans used to be hard-coded with an IP address, but now they use domain name rotation, using fast flux to calculate the next domain, or P2P techniques. As a result, command and control channels are now more resilient."