To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
So, we've had several bots utilize the MS06-040 vulnerability quite
quickly (see Joe's write-up as published last week). We also have a
"worm" now utilizing it to exploit users.
Now, what exactly is the difference? How is a worm defined?
If we are to leave terminology aside for a moment, and agree that bots,
and most worms, are in fact trojan horses with propagation capability,
then the argument is moot.
The main difference left these days is that what we now refer to as a
"worm" often belongs to a family of such worms, or is new code used only
by that worm (until copied).
With bots we have a world I often used to refer to, years ago, as "open
source viruses" - NOT to be confused with the Open Source
world/community(ies).
[ I remember a reporter talking to me a few years ago trying to get a
quote out of me (good luck) and not just a quote, but one implicating the open
source world with viruses. uh huh. ]
Bot/Trojan horse sources are floating around in the Gigs, with modules,
add-ons and plugins ready to add functionality to them all around, hence
the bot families. These families started a long time ago with script.ini,
yet in a significant way with the sdbot (later agobot, rbot, etc.) and the
rest is history.
With so many source examples, tech support forums, etc. the world for the
bot authors is "fun" and easy. Even more, the kiddies used to trade these
like candy, if I am to quote a friend. These days they just "have" them.
So, where IS the difference between "worms" and "bots"? Availability. The
bot source is available, proof of concept code comes out.. and a brand new
bot is released.
There used to be a buzzword in the press around 2003-2004 called "worm",
on every new worm that would come out there would be 10 news articles
before you said.. hmm.. jack.
Enter the botnet.
Bots (trojans, but limited to that definition) existed back then and were
mostly ignored. Today though, as far as the press is concerned, they are
the new buzzword and will be discussed every day. This is not the fault of
the press, but rather of those who feed them the information.
I am happy botnets are mainstream, but what's the next major
buzzword? Will it also be a real threat? Will this one be forgotten?
Gadi.
_______________________________________________
All list and server information are public and available to law enforcement
upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets