Botnet operators have always been able to easily infect and convert PCs into
bots, but they also are increasingly going after servers — even building
networks of compromised servers.
Web servers, FTP servers, and even SSL servers are becoming prime targets for
botnet operators, not as command and control servers or as pure zombies, but
more as a place to host their malicious code and files, or in some cases to
execute high-powered spam runs.
"FTP servers are a hot commodity in the underground. They are regularly used
by drive-by download malware as well as a downloading component for regular bots,"
says Mikko Hypponen, chief research officer at F-Secure. "Another thing we’ve
noticed is the use of SSL servers. Sites with a valid SSL certificate get hacked
and are used by drive-by-downloads."