Press Releases

Read the latest news from our family of trusted brands.
  • Gen logo
  • Norton logo
  • Avast logo
  • LifeLock logo
  • Avira logo
  • AVG logo
  • ReputationDefender logo
  • CCleaner logo
Is Your Device Part of an Illegal Hacking Gang? Norton Reveals the Cities that Make up the United States’ Botnet Powerhouses

With the global botnet growing by 6.7 million in 2016, new research reveals Chicago, Washington, D.C., and Atlanta are the leading U.S. cities fuelling botnet-enabled attacks


MOUNTAN VIEW, Calif. – October 11, 2017 – Approaching the one-year anniversary of the Mirai botnet attacks – which infected almost 500,000 connected devices and brought much of the internet to a standstill – Norton by Symantec (NASDAQ: SYMC), the world’s leading cyber security company, reveals how the global botnet has grown and which countries and cities have played host to the greatest number of bot infections. During the time of the Mirai botnet’s peak, almost 20 percent of all attacks originated from devices in the United States, the second highest source globally. In 2016 alone, the Symantec Global Intelligence Network found a staggering 6.7 million additional bots joined the global botnet.

What’s The Worry?

Bots are Internet-connected devices of any kind, such as laptops, phones, connected devices and baby monitors, infected with malware that allow hackers to remotely take control of many devices at a time, typically without any knowledge of the device owner. Some botnets (bot networks) might have a few hundred or a few thousand devices, but others have hundreds of thousands, even millions, at their disposal. When utilizing these massive networks, hackers can spread malware, generate spam, and commit other types of online crime and fraud. Additionally, they can also be used to capture personal information like log-ins or banking details.

“More than 689 million people were victims of online crime in the past year1, and bots and botnets are a key tool in the cyber attacker’s arsenal,” commented Candid Wueest, Norton Security expert. “It’s not just computers that are providing criminals with their robot army; in 2016, we saw cyber criminals making increasing use of smartphones and Internet of Things (IoT) devices to strengthen their botnet ranks. Servers also offer a much larger bandwidth capacity for a DDoS attack than traditional consumer PCs.”

In fact, IoT devices may be part of the uptick in global bot infections in 2016. During its peak last year, when the Mirai botnet - made up of almost half a million connected devices such as IP cameras and home routers - was expanding rapidly, attacks on IoT devices were taking place every two minutes.

Vulnerabilities Stateside

In the United States, Chicago and Washington D.C. lead the way in botnets, hosting 4.6 percent and 4.1 percent of the United States’ bot population, respectively, containing more bots per capita than the countries of Belgium, Sri Lanka and Austria.


United States Country %
Chicago, IL 4.69%
Washington, D.C. 4.13%
Atlanta, GA 3.49%
Ashburn, VA 3.23%
New York, NY 3.22%
Portland, OR 3.18%
Los Angeles, CA 2.02%
Las Vegas, NV 1.98%
San Jose, CA 1.96%
Tampa, FL 1.57%

Kevin Haley, security expert at Symantec, explains, “The size of a bot population can depend on many factors, but cities where there is a large number of Internet-connected devices, such as computers or servers, or where there has been a recent uptick in the acquisition of high-speed, internet-connected devices, seem to be lucrative sources for cybercriminals to infect.”

While size and location maintain a correlation, where a bot resides isn’t indicative of where its creator may live. Since botnets are global in nature, an infected device in the United States, for example, could contribute to an attack in Asia and be controlled by a cybercriminal somewhere in Europe.

Warning Signs and Tips to Stay Protected:

Bots sneak onto a person’s device in many ways. The malware is often mistakenly downloaded through links or malicious file attachments when opening an email or social media message. Botnets can also sneak onto devices when a user has visited a compromised website. A bot might cause a device to slow down, display mysterious messages, or even crash for no apparent reason. Consumers should run a full diagnostic if any warning signs appear.

To safeguard against malicious bots:

  • Install robust security software and firewalls to secure your device.
  • Never ignore system updates. Configure your software's settings to update automatically to make the most of patches and fixes that vendors provide.
  • Never click on file attachments within emails or messages unless you can verify the source of the attachment is legitimate. Be particularly wary of file attachments that prompt users to enable macros.
  • Use a long and complex password that contains numbers and symbols and never use the same password for multiple services.
  • Enable advanced account security features, like two factor authentication and login notification, if available.

About the Data

Symantec has established one of the most comprehensive sources of Internet threat data in the world through the Symantec Global Intelligence Network. The Symantec Global Intelligence Network tracks over 700,000 global adversaries and records events from 98 million attack sensors worldwide. This network monitors threat activity in over 157 countries and territories through a combination of Symantec and Norton products, technologies and services, and other third-party data sources. These resources give Symantec analysts unparalleled sources of data with which to identify, analyze, and provide informed commentary on emerging trends in attacks, such as botnet and malicious code activity, phishing, and spam.

Data source for internet-connected populations found at Internet World Stats as reported on 25 July 2017:

About Symantec

Symantec Corporation (NASDAQ: SYMC), the world’s leading cyber security company, helps organizations, governments and people secure their most important data wherever it lives. Organizations across the world look to Symantec for strategic, integrated solutions to defend against sophisticated attacks across endpoints, cloud and infrastructure. Likewise, a global community of more than 50 million people and families rely on Symantec’s Norton and LifeLock product suites to protect their digital lives at home and across their devices. Symantec operates one of the world’s largest civilian cyber intelligence networks, allowing it to see and protect against the most advanced threats. For additional information, please visit or connect with us on FacebookTwitter, and LinkedIn.

1Norton Cyber Security Insights Report, 2016. Page 5.

Share Release