Date: Sun, 11 Jul 2004 21:10:21 +0300
From: Jan Knutar <jknutar@....fi>
To: bugtraq@...urityfocus.com
Cc: ge@...uxbox.org
Subject: Re: current leading bots used in drone armies [June/July 2004]



<snip and reordered>
> Over-time, a drone army can reach hundreds of thousands of infected drones
> in size, and new armies/drone are created daily. There are a lot more than
> just a few drone armies out there, and the Trojan horses used change
> constantly.
<snip and reorder>
> Trojan horses used in drone armies and Trojan horses installed on "lonely"
> infected machines far outnumber the amounts of infected users from _most_
> worms.
<snip & reorder>

> It's always funny to me how some in the AV industry would at times hype new
> worms or new barely different variations of worms, in the media, while
> ignoring drone armies almost completely.

What disturbs me, is the impression I get from the AV industry, of them not caring
at all about even attempting to detect trojans/drones. At most a checksum based
check is added if someone reports on particular trojan, which isn't really useful at
all. From a purely practical point of view, it would seem to me that attaching 
trojan/drone protection to AV software functionality would be the most effective
way of getting users secured against this, as we all know, trying to educate the
great masses is nearly impossible at best.

These vast amount of drone armies have been a problem for some people for years
now, but it is only now that they start to be used for Spam, instead of the "armies"
fighting against eachother with some ocasional ISP knocked offline in collateral
damage for a few hours, that people seem to wake up and realize this is perhaps
a problem that shouldn't just be categorized and filed away under "Internet ghetto
activity we do not need to worry about".

Gadi, I wish you luck in making much more "weird noises"!

Powered by blists - more mailing lists