mitigating botnet C&Cs has become useless
Rick Wesson
wessorh at ar.com
Tue Aug 8 23:53:00 UTC 2006
this isn't fun, comments in line.
Sean Donelan wrote:
>
> On Tue, 8 Aug 2006, Rick Wesson wrote:
>> Last sunday at DEFCON I explained how one consumer ISP cost American
>> business $29M per month because of the existence of key-logging botnets.
>
> Why did you attribute responsibility for the cost only to the consumer
> ISP? How much of the cost should be attributed the PC OEM, or the
> software developers, or the American business, or the ....?
Because the numbers are significant. Finding any entity that could
provide a choke-point for 4% of business side id-theft is an interesting
exercise and of significant value to the community.
>
>> you want to talk economics? Its not complicated to show that
>> mitigating key-logging bots could save American business 2B or 4% of
>> =losses to identity theft -- using FTC loss estimates from 2003
>
> What are the economics of American businesses mitigating key-logging bots?
there is no detectable mitigation, the slope of the infection rate
continues to rise.
> How much security would you get for an additional $20 per year per on-line
> user? Spending more than the losses wouldn't save American business money.
depends on how it is spent
-rick
More information about the NANOG
mailing list