short Botnet list and Cashing in on DoS
Gadi Evron
ge at linuxbox.org
Thu Oct 7 16:19:59 UTC 2004
> Going after the bots is lesser effort. The controllers are
> a priority.

That's not happening.

AV companies are mostly interested in hyping the latest worm or
semi-worm. Drone armies, hundreds of thousands large (no exaggeration)
are just too much of an effort with 1000+ new Trojan horses coming out
every month.

Also, there are virtually no resources directed at this problem except
for a _few_ numbered concerned individuals from various corporate
security teams and a few people who use IRC networks, world-wide.

As long as so many computers are out there for the taking, it is almost
an impossible war.

Maybe it would be possible to check if any users from a location you are
in charge of are connecting to these IPs and sending them an automated
email about their security plus a deal on an AV product (whatever it is
worth for this)?

I doubt many here have the time to even consider such an effort, even
with the deal.

There are easier ways, such as seeing who in a said network connects out
with recognized signatures... again, I doubt many would bother.

Spam, viruses, it all revolves around the same problem. The users
en-masse are a serious risk on the macro level. Besides, with so many
drones around and infected machines - who needs a proxy to be anonymous?

Gadi Evron.
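
Added example, not part of the original message: one way to run the check suggested above, matching outbound flow records from address space you operate against a controller list and grouping the hits per internal host for notification. The flow-record format, the address ranges and the function name `find_drone_candidates` are assumptions made for illustration; all sample data is constructed and uses documentation address ranges.

```python
import ipaddress
from collections import defaultdict

# Constructed controller list (documentation ranges, not real C&C hosts).
CONTROLLERS = ["192.0.2.10", "198.51.100.0/28"]
# Constructed address space "you are in charge of".
INTERNAL = ["10.20.0.0/16"]
# Constructed flow records: epoch src_ip dst_ip dst_port proto
FLOWS = """\
1097165999 10.20.1.5 192.0.2.10 6667 tcp
1097166005 10.20.1.5 192.0.2.10 6667 tcp
1097166010 10.20.3.9 198.51.100.7 7000 tcp
1097166020 10.20.3.9 203.0.113.80 80 tcp
1097166030 172.16.0.4 192.0.2.10 6667 tcp
garbage line
1097166040 10.20.7.7 not-an-ip 6667 tcp
""".splitlines()

def _nets(entries):
    # Accept single addresses and CIDR blocks alike.
    return [ipaddress.ip_network(e, strict=False) for e in entries]

def find_drone_candidates(flows, controllers, internal):
    """Return {internal_ip: {(controller_ip, port): flow_count}}."""
    ctrl, own = _nets(controllers), _nets(internal)
    hits = defaultdict(lambda: defaultdict(int))
    for line in flows:
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records
        try:
            src = ipaddress.ip_address(parts[1])
            dst = ipaddress.ip_address(parts[2])
            port = int(parts[3])
        except ValueError:
            continue  # skip records with unparsable address or port
        if not any(src in n for n in own):
            continue  # only report hosts we can actually notify
        if any(dst in n for n in ctrl):
            hits[str(src)][(str(dst), port)] += 1
    return {h: dict(d) for h, d in hits.items()}

if __name__ == "__main__":
    found = find_drone_candidates(FLOWS, CONTROLLERS, INTERNAL)
    for host, dsts in sorted(found.items()):
        for (dst, port), n in sorted(dsts.items()):
            print(f"{host} -> {dst}:{port} ({n} flows)")
```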