and here are some answers [was: Quarantine your infected users spreading malware]
Gadi Evron
ge at linuxbox.org
Tue Feb 21 12:33:57 UTC 2006
Simon Waters wrote:
> I've seen 95% quoted - certainly my experience if you go looking for malware
> in recent Windows desktop machines using IE and Outlook it is pretty much a
> certainty you'll find it. Most of these tools I was using didn't detect the
> Sony Rootkit, or other malware, so this will always be an underestimate of
> the true extent of the problem, unless one uses fingerprinting and packet
> inspection as the tools of choice for malware detection.
>
> This is very much a Windows-only problem; it doesn't affect desktop users of
> other systems at all, possibly in part because they lack critical mass, but
> also because they have more sensible security models. Largely it is an
> Outlook and IE problem.
>
Hi Simon, this is indeed a Windows problem due to Microsoft being a
mono-culture in our desktop world. Still, there are botnets constructed
from other OSes as well. Also, C&C servers are mostly *nix machines.
Gadi.
--
http://blogs.securiteam.com/
"Out of the box is where I live".
-- Cara "Starbuck" Thrace, Battlestar Galactica.
More information about the NANOG mailing list