And that remote drop zone is limited in scope, and well known.
> -----Original Message----- > From: [email protected] [mailto:[email protected]] > On Behalf Of Gadi Evron > Sent: Friday, February 19, 2010 5:38 AM > To: [email protected] > Subject: Re: [funsec] ZeuS: 'A Virus Known as Botnet' > > On 2/19/10 3:26 PM, Paul Ferguson wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > Spot on. > > > > It's just yet another banking/phishing trojan with a remote drop zone. > > Gadi. > > > > [snip] > > > > As a journalist who for almost ten years has sought to explain > complex > > computer security topics to a broad audience, it's sometimes > difficult > > to be picky when major news publications over-hype an important > security > > story or screw up tiny details: For one thing, Internet security so > seldom > > receives more than surface treatment in the media that the increased > > attention to the issue often seems to excuse the breathlessness with > which > > news organizations cover what may seem like breaking, exclusive > stories. > > > > The trouble with that line of thinking is that an over-hyped story > tends to > > lack important context that helps frame the piece in ways that make > it more > > relevant, timely, and actionable, as opposed to just sensational. > > > > I say this because several major media outlets, including The > Washington > > Post and the Wall Street Journal, on Thursday ran somewhat uncritical > > stories about a discovery by NetWitness, a security firm in Northern > > Virginia that has spent some time detailing the breadth of infections > by a > > single botnet made up of PCs infected with ZeuS, a password stealing > Trojan > > that lets criminals control the systems from afar. NetWitness found > that > > this particular variant of the botnet, which it dubbed "Kneber," had > > invaded more than 2,500 corporations and 75,000 computers worldwide. > > > > [snip] > > > > Much more: > > http://www.krebsonsecurity.com/2010/02/zeus-a-virus-known-as-botnet/ > > > > My favorite: > > > > "This is just some of the context that would have been nice to see in > any > > of the mainstream press treatment of this research. From where I sit, > > security stories that lack appropriate context tend to ring hollow, > and > > squander important opportunities to raise awareness on the size, > scope and > > real-world impact of these threats." > > > > - - ferg > > > > -----BEGIN PGP SIGNATURE----- > > Version: PGP Desktop 9.5.3 (Build 5003) > > > > wj8DBQFLfpGXq1pz9mNUZTMRAuy9AKCELOvvsBPnY/cCLcO4b4y/Xbeh+wCg4uFq > > Yq/n97/qyYLG2zKUOu/iJBw= > > =EM5Q > > -----END PGP SIGNATURE----- > > > > > > > -- > Gadi Evron, > [email protected]. > > Blog: http://gevron.livejournal.com/ > _______________________________________________ > Fun and Misc security discussion for OT posts. > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec > Note: funsec is a public and open mailing list. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
