To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
On Thu, 26 Jul 2007, Craig Holmes wrote:
> As promised, I bought the book and finally received it (thanks for the slow
> turn around Amazon).
>
> I have begun reading it, and although I am only starting the third chapter I
> am wholly unimpressed.
>
> Before I discuss the text of the book, I am curious to know. Is it a print
> problem or do many of the graphics in the book look overly blurry or
> excessively jagged? Some of the pictures look like they were compressed to a
> monochrome bitmap of about 2k in size (see page 47).
>
> My experience with botnets seems to differ in many ways from the text in the
> book:
>
> The book begins by describing what SDBot, Agobot, GTBot, etc do. They include
> lists of ports and vulnerabilities that the given bot exploits, actions it
> may perform etc. The book doesn't make the point strong enough that a lot of
> code (especially SDBot code) started off as simply a public offering and
> evolved through many different trees by people with no organization. These
> trees criss-crossed without any knowledge of many of the contributors. In
> fact, as I recall SDBot (at least a couple of versions from sd) was released
> to the public without a single attack vector. It is my belief that this
> version is responsible for the most variants due to its availability.
>
> The book seems to be making a point that bots are being used by organized
> crime. I think this point has been pushed on many fronts of this issue by many
> people, however I remain doubtful. My experience with farmers (or bot
> herders as the book calls them) is that they're packet kiddies out to DoS
> their moronic buddies or enemies. The botnet was just a natural evolution
> from Trinoo/TFN/Trinity/Kaiten or if they're even lamer then Back Orifice,
> etc. Though I do certainly accept that some lone individuals use botnets for
> monetary gain (avert scams), I wouldn't classify it as organized. Look at the
> numbers given in the book:
> -4.5 Million active botnet computers
> -A small botnet is 10,000 computers
> That means that there are about 500 botnets active. The book states only a
> handful of cases that involved organized crime, possibly 5 cases. That means
> that they've identified at least 0.01% of the 500 botnets are being run by
> the big evil organized crime people. Not to say that proves them wrong, but
> it isn't enough evidence for me. I believe they are sensationalizing this
> fact quite a bit.
>
> The book paints a pretty diagram showing how people with their camcorders run
> from the movie theatre directly to their dorm and upload their bootlegs to
> topsites which are actually botnets. This is a silly notion. A great deal of
> movies that are available on the internet today (and much software) are
> released by organized (though not by for profit) piracy groups (the 'scene').
> These groups do use topsites, but they are FTP servers running on legitimate
> hardware (a member of the group may be a sysadmin at MIT for example). These
> topsites and groups are not even remotely affiliated with botnets (or at
> least weren't in 2002 which is when my experience dates to). The offenders
> identified (from Drink or Die, Razor1911, etc) wouldn't be caught dead
> touching a botnet, as it would do great damage to their reputation.
> Furthermore, these elite groups have very little use for clickthrough scams,
> distributed storage, or DoS attacks.
>
> I feel like the authors are making a far too liberal attempt at connecting the
> dots on many issues. I am also slightly disappointed as it seemed much of the
> book will be focused on general intrusion detection techniques, sandboxing,
> reporting etc and less on practical cases, motivation, C&C methods,
> encryption and more technical aspects of the bot itself.
>
> I will report my final thoughts when I complete the book.
>
> Craig

Got any comments on the third chapter?

> On Sunday 08 July 2007 21:53, Thomas Raef wrote:
>> Gadi,
>>
>> It's easier for people to just buy the book. I bought it about a month
>> ago and have read it a few times already. Nice work!

_______________________________________________
All list and server information are public and available to law enforcement
upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets