Worms versus Bots

Sean Donelan sean at donelan.com
Tue May 4 02:08:14 UTC 2004

On Mon, 3 May 2004, Rob Thomas wrote:
> ] Just because a machine has a bot/worm/virus that didn't come with a
> ] rootkit, doesn't mean that someone else hasn't had their way with it.
> Agreed.

Won't help.  What's the first thing people do after re-installing
the operating system (still have all the original CDs and keys and
product activation codes and and and)?

Connect to the Internet to download the patches. Time to download patches
60+ minutes.  Time to infection 5 minutes.  Patches are Microsoft's
intellectual property and can not be distributed by anyone without
Microsoft's permission.

Ok, so you order Microsoft's patch CD.  Unfortunately it only includes
patches through October 2003.

Microsoft is selling over 10 million Windows licenses every month.
Patches not included.

> The record I've seen thus far was a host with 14 distinct and
> active bots on it.  I'm guessing the LEDs on that cable modem
> never blinked.

The problem with Bots is they aren't always active.  That makes them
difficult to find until they do something.

More information about the NANOG mailing list