lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 14 Sep 2006 16:59:55 +0300
From: "Toby McKay" <mcktoby@...il.com>
To: "Gadi Evron" <ge@...uxbox.org>
Cc: botnets@...testar.linuxbox.org, full-disclosure@...ts.grok.org.uk
Subject: Re: the world of botnets article and wrong numbers

On 9/14/06, Gadi Evron <ge@...uxbox.org> wrote:
>
> > hi guys
> > i ask gadi on the botnets listserv on where he got the number 12K for
> > bots every month on his the world of botnets article [
> > http://www.beyondsecurity.com/whitepapers/SolomonEvronSept06.pdf
>
> You did..
>
> > ] .. he gave no real answer.
> > does that number sound right to anybody? where did you come up with it
> > gadi?
>
> First, the link I prefer people use is the one on my blog at securiteam,
> as it holds the copyright notice for Virus Bulletin, under which I was
> allowed to host the article:
> http://blogs.securiteam.com/index.php/archives/593
>
> Numbers...
> I can't speak for others, but I can try to answer better than I did on the
> botnets mailing list on whitestar.
>
> On individual honey nets, even rather large ones, the number of unique
> samples often assembled can be somewhere between 200 and 800
> a month.. depending on how wide it is spread and the networks it sits
> on. Which is why many of us cooperate.
>
> >From cumulative honey nets monitoring of such smaller (yet very
> effective) nets, and some larger nets, we get to a number of about 15K new
> bot samples every month (Alan Solomon and myself wrote 12K, so we
> underplayed it a bit due to statistics being a bit shaky). So the real avg
> number is somewhere around 15K new unique samples a month.
>
> Further, the anti virus world sees about the same numbers.
>
> The Microsoft anti malware team (and Ziv Mador specifically) spoke of 15K
> avg bot samples a month, as well.
>
> I don't know what others may be seeing, but this is our best estimate as
> to what's going on with the number of unique samples released every month.
>
> Jose Nazarijo from Arbor replied on the botnets list that he sees similar
> numbers.
>
> I hope this helps... what are you looking to hear?
>
>         Gadi.


can you show samples for a month? can you show them as being real or in you
rmind?



>
> > ./mcktoby
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ