Message-ID: <422B0631.7070602@tehila.gov.il>
Date: Sun, 06 Mar 2005 15:31:29 +0200
From: Gadi Evron <gadi@...ila.gov.il>
To: bugtraq@...urityfocus.com
Subject: drone armies C&C report - Feb/2005


Below is a periodic public report from the drone armies / botnets
research and mitigation mailing list.
For this report it should be noted that we base our analysis on the data
we have accumulated from various sources.

According to our incomplete analysis of information we have thus far, we
now publish two reports.


The ISPs that are most often plagued with botnet C&Cs (command &
control) are, in the order listed:
----------------------------------
Responsible Party               Count  ASN
SAGONE Sago Networks            16-20  21840
THEPL-1 THE PLANET*             16-20  {21844,13884}
PNAP Internap Network Services  11-15  {10913,13790,14742,14744}
STAMIN-2 Staminus Communicatio  11-15  25761
ATRIV Atrivo                    11-15  27595
MSG-48 Managed Solutions Group  8-10   27645
YIPS Yipes Communications  Inc  8-10   6517
LEVEL3 Level 3 Communications   8-10   3356

* Note that the above details are only for botnet C&Cs that are still
   active.

* We would gladly like to establish a trusted relationship with
   these and any organizations to help them in the future.

* Please note the serious decrease in live Korean botnets, largely due
   to the efforts of KrCERT.


The Trojan horses most used in botnets:
---------------------------------------
The below details have not changed much, although we are seeing an
increase in rBot variants.

1. Korgobot.
2. SpyBot.
3. Optix Pro.
4. rBot.
5. Other SpyBot variants and strains (AgoBot, PhatBot, actual SDbots,
    etc.).


Contact information:
Hank Nussbacher <hank@...l.iucc.ac.il>
Gadi Evron (as specified below)


-- 
Gadi Evron,
Information Security Manager, Project Tehila -
Israeli Government Internet Security.
Ministry of Finance, Israel.

gadi@...ila.gov.il
gadi@...T.gov.il
Office: +972-2-5317890
Fax: +972-2-5317801
http://www.tehila.gov.il

The opinions, views, facts or anything else expressed in this email
message are not necessarily those of the Israeli Government.
