David Harley escribió: >> ESet is detecting it >> (http://www.eset.com/threat-center/blog/?p=995) but they >> don't seem to think it's a big-deal botnet. > > I hope that doesn't come back to haunt us. :-/
FireEye published some comments about that same thing: http://blog.fireeye.com/research/2009/04/hexzone-ransomware-and-finjan.html#more "It is possible that the zombie count discussed in the Finjan article includes zombies from multiple botnets instead of one. The idea that a central management system is being used to control the complete botnetweb instead of an individual bontnet looks more believable. A large figure like 1.9 million zombies is also understandable when we think in terms of a botnetweb. Otherwise (in my personal opinion) a piece of malware like Hexzone which is known to rely mostly on social engineering and passive attacks to spread may not be able to gain such a size in a few months as Finjan illustrated." -- Regards, Julio Canto | VirusTotal.com | Hispasec Sistemas Lab | Tlf: +34.902.161.025 | Fax: +34.952.028.694 | PGP Key ID: EF618D2B | [email protected] _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
