Summary: Attack of the 50 Foot Botnet
Ryan Vogt and John Aycock
Department of Computer Science, University of Calgary
2500 University Drive N.W., Calgary, Alberta, Canada T2N 1N4
TR 2006-840-33, August 2006
The trend toward smaller botnets may be more dangerous in terms of large-scale attacks like
distributed denials of service. We examine the possibility of "super-botnets," networks of independent
botnets that can be coordinated for attacks of unprecedented scale. For an adversary, super-botnets would
also be extremely versatile and resistant to countermeasures. Our simulation results shed light on the
feasibility and structure of super-botnets and some properties of their command-and-control mechanism.
Possible defenses against the threat of super-botnets are suggested.
Big botnets are big news. Botnets involving over 100,000 zombie computers have been claimed [5, 6, 16],
and there was even one case involving 1.5 million compromised computers. However, big botnets are
bad from the standpoint of survivability: someone is likely to notice a big botnet and take steps to dismantle
The recent trend is toward smaller botnets with only several hundred to several thousand zombies.
This may reflect better defenses (the malware creating new zombies may not be as effective) but it may