Vladis, > We don't see dedicated and targeted attacks at 4 million cablemodem users > designed to drop off trojans, ddos zombies, and similar.
Sure. I wasn't claiming that worms don't get deployed, neither that they do not pose a huge problem. My point was rather that the fact something might not be an addressable target for a worm it doesn't automatically make it an unattractive target altogether. Just because it can't be mass-exploited, doesn't mean people are not going to use it as an entry point. We haven't seen worms for a whole bunch of Unix vulnerabilities that pretty much appeared in all variants, free or not. Still, these are being actively exploited on a daily basis. The fact that these things are not maxing out people's bandwidth or just make the machine blatantly unusable sure makes them less noticed. However, if you care about the specific security of data on your network, they're at risk all the same. In this regard (beat me for this), worms like MSBlaster sure did have security-enhancing side effect, because people patched their boxen that otherwise wouldn't have even thought about it - or noticed. > Many of the worst "dedicated and targeted attacks" of late presuppose the > presence of a zombie net - preventing the formation of such a net then makes > the attack a lot harder to carry out. I'm not talking about DDoS, and a zombie net isn't necessary to obfuscate the origin of your actions. I mean the 'find target, strike, cover your ass' sort of attack. VoIP installations sure is an attractive target for such operations, don't you think? > > And for that matter, installation of a keystroke logger to sniff out credit card > numbers *IS* a dedicated and targeted attack - on the credit card system. I don't quite get your point here - did I claim anything else? Cheers, J. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
