In message <[EMAIL PROTECTED]>, Ian Grigg writes:

>
>Also, to impune the plug-in arrangement is to
>impune all plug-ins, and to impune the download
>from an unknown is to impune all downloads from
>unknowns. 

Sounds about right...

...
>
>I.e., "download this fantastic tool" which
>just so annoyingly includes a trojan from the
>person who manages the site doesn't seem to
>occur as a real attack with any frequency.

In fact, the "come and get it" method seems to exceed the "scan and 
'sploit" method of building botnets.  That is, Trojans are a very 
active method of infection.
>
>(Partly because it takes a long time to find
>the right victim, and partly because it
>leaves the attacker static and vulnerable,
>I'm guessing.  In comparison, it seems that
>attackers get much better results by using
>targetted mass mailings tools to deliver
>their EMD.)

Botnets communicate via IRC, among many other ways.  Sometimes, they 
even use encrypted channels....


                --Steve Bellovin, http://www.research.att.com/~smb (me)
                http://www.wilyhacker.com (2nd edition of "Firewalls" book)



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to