In message <[EMAIL PROTECTED]>, Ian Grigg writes: > >Also, to impune the plug-in arrangement is to >impune all plug-ins, and to impune the download >from an unknown is to impune all downloads from >unknowns.
Sounds about right... ... > >I.e., "download this fantastic tool" which >just so annoyingly includes a trojan from the >person who manages the site doesn't seem to >occur as a real attack with any frequency. In fact, the "come and get it" method seems to exceed the "scan and 'sploit" method of building botnets. That is, Trojans are a very active method of infection. > >(Partly because it takes a long time to find >the right victim, and partly because it >leaves the attacker static and vulnerable, >I'm guessing. In comparison, it seems that >attackers get much better results by using >targetted mass mailings tools to deliver >their EMD.) Botnets communicate via IRC, among many other ways. Sometimes, they even use encrypted channels.... --Steve Bellovin, http://www.research.att.com/~smb (me) http://www.wilyhacker.com (2nd edition of "Firewalls" book) --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]