lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 14 Sep 2006 07:55:25 -0500 (CDT)
From: Gadi Evron <ge@...uxbox.org>
To: full-disclosure@...ts.grok.org.uk
Cc: botnets@...testar.linuxbox.org
Subject: Re: the world of botnets article and wrong numbers

> hi guys
> i ask gadi on the botnets listserv on where he got the number 12K for
> bots every month on his the world of botnets article [
> http://www.beyondsecurity.com/whitepapers/SolomonEvronSept06.pdf

You did..

> ] .. he gave no real answer.
> does that number sound right to anybody? where did you come up with it
> gadi?

First, the link I prefer people use is the one on my blog at securiteam,
as it holds the copyright notice for Virus Bulletin, under which I was
allowed to host the article:
http://blogs.securiteam.com/index.php/archives/593

Numbers...
I can't speak for others, but I can try to answer better than I did on the
botnets mailing list on whitestar.

On individual honey nets, even rather large ones, the number of unique
samples often assembled can be somewhere between 200 and 800
a month.. depending on how wide it is spread and the networks it sits
on. Which is why many of us cooperate.

>>From cumulative honey nets monitoring of such smaller (yet very
effective) nets, and some larger nets, we get to a number of about 15K new
bot samples every month (Alan Solomon and myself wrote 12K, so we
underplayed it a bit due to statistics being a bit shaky). So the real avg
number is somewhere around 15K new unique samples a month.

Further, the anti virus world sees about the same numbers.

The Microsoft anti malware team (and Ziv Mador specifically) spoke of 15K
avg bot samples a month, as well.

I don't know what others may be seeing, but this is our best estimate as
to what's going on with the number of unique samples released every month.

Jose Nazarijo from Arbor replied on the botnets list that he sees similar
numbers.

I hope this helps... what are you looking to hear?

	Gadi.

> 
> ./mcktoby

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ