To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
As promised, I bought the book and finally received it (thanks for the slow 
turnaround, Amazon). 

I have begun reading it, and although I am only starting the third chapter I 
am wholly unimpressed.

Before I discuss the text of the book, I am curious to know: is it a print 
problem, or do many of the graphics in the book look overly blurry or 
excessively jagged? Some of the pictures look like they were compressed to a 
monochrome bitmap of about 2k in size (see page 47).

My experience with botnets seems to differ in many ways from the text in the 
book:

The book begins by describing what SDBot, Agobot, GTBot, etc do. They include 
lists of ports and vulnerabilities that the given bot exploits, actions it 
may perform etc. The book doesn't make the point strong enough that a lot of 
code (especially SDBot code) started off as simply a public offering and 
evolved through many different trees by people with no organization. These 
trees criss-crossed without any knowledge of many of the contributors. In 
fact, as I recall SDBot (at least a couple of versions from sd) was released 
to the public without a single attack vector. It is my belief that this 
version is responsible for the most variants due to its availability.

The book seems to be making a point that bots are being used by organized 
crime. I think this point has been pushed on many fronts of this issue by many 
people; however, I remain doubtful. My experience with farmers (or bot 
herders, as the book calls them) is that they're packet kiddies out to DoS 
their moronic buddies or enemies. The botnet was just a natural evolution 
from Trinoo/TFN/Trinity/Kaiten or, if they're even lamer, then Back Orifice, 
etc. Though I do certainly accept that some lone individuals use botnets for 
monetary gain (avert scams), I wouldn't classify it as organized. Look at the 
numbers given in the book:
- 4.5 million active botnet computers
- A small botnet is 10,000 computers
That means that there are about 500 botnets active. The book states only a 
handful of cases that involved organized crime, possibly 5 cases. That means 
that they've identified that at least 0.01% of the 500 botnets are being run by 
the big evil organized crime people. Not to say that proves them wrong, but 
it isn't enough evidence for me. I believe they are sensationalizing this 
fact quite a bit.

The book paints a pretty diagram showing how people with their camcorders run 
from the movie theatre directly to their dorm and upload their bootlegs to 
topsites which are actually botnets. This is a silly notion. A great many of 
the movies that are available on the internet today (and much software) are 
released by organized (though not for-profit) piracy groups (the 'scene'). 
These groups do use topsites, but they are FTP servers running on legitimate 
hardware (a member of the group may be a sysadmin at MIT, for example). These 
topsites and groups are not even remotely affiliated with botnets (or at 
least weren't in 2002, which is when my experience dates to). The offenders 
identified (from Drink or Die, Razor1911, etc.) wouldn't be caught dead 
touching a botnet, as it would do great damage to their reputation. 
Furthermore, these elite groups have very little use for clickthrough scams, 
distributed storage, or DoS attacks.

I feel like the authors are making a far too liberal attempt at connecting the 
dots on many issues. I am also slightly disappointed, as it seems much of the 
book will be focused on general intrusion detection techniques, sandboxing, 
reporting, etc. and less on practical cases, motivation, C&C methods, 
encryption and more technical aspects of the bot itself.

I will report my final thoughts when I complete the book.

Craig


On Sunday 08 July 2007 21:53, Thomas Raef wrote:
> Gadi,
>
> It's easier for people to just buy the book. I bought it about a month
> ago and have read it a few times already. Nice work!
_______________________________________________
All list and server information are public and available to law enforcement 
upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets