Online criminals setting up botnets are downsizing their networks of enslaved machines in an attempt to counter security software firms.
Virus writers typically try to build the largest possible botnet to make it more powerful and therefore more valuable to rent out to criminals. But researchers have reported seeing these large groups broken down into smaller units.
"Most botnets are controlled by internet relay chat," said Mika Stahlberg, of
F-Secure's Security Research Programme.
"The problem for the owners is that if the central IRC server goes down they lose the whole botnet. These people do not want to put all their eggs in one basket, and are therefore running smaller botnets."
Stahlberg explained that online gangs are increasingly trying to take over botnets run by other people, and that running numerous smaller botnets makes this less of a problem.
Botnets are still largely a European phenomenon, according to F-Secure. The US is the world's leader in spam and phishing attacks, while South America is one of the top producers of banking Trojans.
Levels of phishing appear to be slackening, due in part to efforts to inform the public about the problem.
Gangs are instead turning to sophisticated key-logging software that stores only banking details, and Trojans that allow the client computer to be used to open the online account.