To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
This can lead to interesting discussion here.
Gadi.
http://groups.google.com/group/alt.spam/browse_thread/thread/2743ab4ada542faa/fb3c3019600944cc?q=Botnet&rnum=10#fb3c3019600944cc
> Probably because the people who analyse them choose not to
> publicise their results. Perhaps they take the view that a
> document providing an analysis of a spam zombie ...
If all this supposed secrecy actually was leading to a good result - a
reduction in the number of spammers or zombies - then the tradeoff to
keep the info secret would be worth it. But it appears that the
secrecy is doing nothing but keeping everyone in the dark in the fight
against spam as it increases.
This secrecy argument is like the stupidity of the US no-fly list.
The most dangerous names are kept off the list because the agencies
that know the names don't want to put the names "out there" on the
list. The danger is being too secretive, to the point that AV
software doesn't even have the ability to detect known botnet or
zombie code.
And it's not detailed information like actual code we're talking
about.
Knowing the average life-span of a zombie, how long does it run during
a typical session, how many spams does it spew, does it perform MX
lookups or is that done for it somewhere else, the actual evolution
rate of the SMTP engines, clues that ISPs could use to identify a
zombie before it starts a spam run, etc.
It's doubly more stupid if the secrecy extends to NOT providing AV
companies with actual binaries from infected machines so that they can
be incorporated into definition files.
How many viruses and trojans are named and actually on file as being
the actual spam SMTP agents anyways? Sure we know all about many of
the initial infectors, the network worms, the web and java exploits.
But what about the code that does the actual bot-communication and
spam-sending? How many of these have been named and incorporated into
AV definition files?
Here's some interesting reading:
----------------------------
Is the Botnet Battle Already Lost?
http://www.eweek.com/article2/0,1895,2029720,00.asp
_______________________________________________
All list and server information are public and available to law enforcement
upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets