Message-ID: <20050314114952.3B3575D3E1@lists.grok.org.uk>
From: randallm at fidmail.com (Randall M)
Subject: Know Your Enemy: Tracking Botnets
Now that you two have reacquainted yourselves, can we get back to the paper?
-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of pingywon
Sent: Sunday, March 13, 2005 10:02 PM
To: Egoist
Cc: full-disclosure@...ts.grok.org.uk; honeypots@...urityfocus.com;
dailydave
Subject: Re: Re[2]: [Full-disclosure] Know Your Enemy: Tracking Botnets
hello cock monger
~pingywon
----- Original Message -----
From: "Egoist" <mastah@...eaker.net>
To: "pingywon" <pingywon@...mail.com>
Cc: "Thorsten Holz" <thorsten.holz@...eg.rwth-aachen.de>; "dailydave"
<dailydave@...ts.immunitysec.com>; <honeypots@...urityfocus.com>;
<full-disclosure@...ts.grok.org.uk>
Sent: Sunday, March 13, 2005 10:40 PM
Subject: Re[2]: [Full-disclosure] Know Your Enemy: Tracking Botnets
> Hello pingywon,
>
> Monday, March 14, 2005, 6:22:43 AM, you wrote:
>
> p> haha .. I didn't think anyone was REALLY named Thorsten
>
> p> ... I mean good paper....
>
> p> ~pingywon
>
>
> p> ----- Original Message -----
> p> From: "Thorsten Holz" <thorsten.holz@...eg.rwth-aachen.de>
> p> To: "dailydave" <dailydave@...ts.immunitysec.com>;
> p> <honeypots@...urityfocus.com>; <full-disclosure@...ts.grok.org.uk>
> p> Sent: Sunday, March 13, 2005 10:08 PM
> p> Subject: [Full-disclosure] Know Your Enemy: Tracking Botnets
>
>
> >> Greetings,
> >>
> >> The Honeynet Project and Research Alliance is excited to announce the
> >> release of a new paper "KYE: Tracking Botnets". This paper is based on
> >> the extensive research by the German Honeynet Project.
> >>
> >> KYE: Tracking Botnets
> >> http://www.honeynet.org/papers/bots/
> >>
> >> Abstract:
> >> ---------
> >>
> >> Honeypots are a well known technique for discovering the tools, tactics,
> >> and motives of attackers. In this paper we look at a special kind of
> >> threat: the individuals and organizations who run botnets. A botnet is a
> >> network of compromised machines that can be remotely controlled by an
> >> attacker. Due to their immense size (tens of thousands of systems can be
> >> linked together), they pose a severe threat to the community. With the
> >> help of honeynets we can observe the people who run botnets - a task
> >> that is difficult using other techniques. Due to the wealth of data
> >> logged, it is possible to reconstruct the actions of attackers, the
> >> tools they use, and study them in detail. In this paper we take a closer
> >> look at botnets, common attack techniques, and the individuals involved.
> >>
> >> We start with an introduction to botnets and how they work, with
> >> examples of their uses. We then briefly analyze the three most common
> >> bot variants used. Next we discuss a technique to observe botnets,
> >> allowing us to monitor the botnet and observe all commands issued by the
> >> attacker. We present common behavior we captured, as well as statistics
> >> on the quantitative information learned through monitoring more than one
> >> hundred botnets during the last few months. We conclude with an overview
> >> of lessons learned and point out further research topics in the area of
> >> botnet-tracking, including a tool called mwcollect2 that focuses on
> >> collecting malware in an automated fashion.
> >>
> >> Thank you for your time,
> >> Thorsten Holz, on behalf of the GHP
> >> (http://www-i4.informatik.rwth-aachen.de/lufg/honeynet)
> >>
> >>
> >> _______________________________________________
> >> Full-Disclosure - We believe in it.
> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >> Hosted and sponsored by Secunia - http://www.secunia.com/
> >>
>
> lol i am too
>
> shit my botnet just increases in size wow
>
> --
> Best regards,
> Egoist mailto:mastah@...eaker.net
>
>
>