Date: Tue, 2 Jan 2007 01:38:11 -0600
From: "Jason Miller" <jammer128@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Fwd: Botnets: a retrospective to 2006, and where we are headed in 2007

---------- Forwarded message ----------
From: Jason Miller <jammer128@...il.com>
Date: Jan 2, 2007 1:37 AM
Subject: Re: [Full-disclosure] Botnets: a retrospective to 2006, and where we are headed in 2007
To: Gadi Evron <ge@...uxbox.org>

Personally I don't think it's going to change at all, but with Vista coming
out, as far as the PCs with XP Home/Pro, if a serious exploit is found in
those, guess what's gonna happen? Every single one is going to be exploited
and botted/trojaned (same thing?). And if a serious vulnerability is found
in Vista we're in even more trouble; with business versions of it out
already, that could be a serious compromise to a corporate environment..
Other than that.. I don't think much is really going to change unless
something big happens, like every single DNS provider implements DNS
tracking and monitoring. Another idea: what about ISPs actually monitoring
connection counts to their residential lines? I don't think over 10k
connections going TO, not from, a regular home connection in under a few
hours is normal unless they're doing something like BitTorrent with DHT
enabled.. then I could see a lot of traffic, but still.. ISPs really should
start monitoring connections and such, because most of the compromised
machines are connecting to a hacked ircd, and a lot of times these are on
home connections with long lease times on IP addresses (50 days+). But these
are just my thoughts. Comments?

On 12/22/06, Gadi Evron <ge@...uxbox.org> wrote:
>
> A few months back I released a post on where I think anti-botnets
> technology is heading ( http://blogs.securiteam.com/index.php/archives/697).
> Now it's time for what happened in 2006, and what we can expect from here
> on.
>
> I am not a strong believer in such retrospective looks, as often, they are
> completely biased and based on what we have seen and what we want to
> see. This is why I will try and limit myself to what we know happens and
> is likely to get attention, as well as what we have seen tried by bad
> guys, which is working for them enough to take to the next level.
>
> What changed with botnets in 2006:
> 1. Botnets reached a level where it is unclear today what parts of the
> Internet are not compromised to an extent. Count by clean rather than
> infected.
> 2. Botnets have become the most significant platform from which virtually
> any type of online attack and crime are launched. Botnets equal an online
> infrastructure for abusive or criminal activity online.
> 3. In the past year, botnets have become mainstream. From a non-existent
> field even in the professional realm up to a few years ago, where attacks
> were happening constantly regardless, it has turned into the main buzzword
> and occupation of the security industry today, directly and indirectly.
> 4. Websites have returned to being one of the most significant forms of
> infection for building botnets, which hadn't been the case since the late
> 90s.
> 5. Botnets have become the moving force behind organized crime online,
> with a low-risk high-profit calculation.
> 6. New technologies are finally being introduced, moving the botnet
> controllers from using just (or mainly) IRC to more advanced C&C (command
> and control) channels such as P2P, or multi-layered, such as DNS and IRC
> on the OSI model.
> 7. Botnets used to be a game of quantity. Today, when quantity is assured,
> quality is becoming a high concern for botnet controllers, both in type of
> bot as well as in abilities.
>
> What's going to happen with botnets in 2007:
>
> Botnets won't change. All will remain the same as it has been for
> years. Awareness however, will increase making the problem appear larger
> and larger, perhaps approaching its real scale. The bad guys would utilize
> their infrastructure to get more out of the bots (quality once quantity is
> here) and be able to do more than just steal cash. Maximizing their
> revenue.
>
> Further, more and more attackers unrelated to the botnet controllers will
> make use of already compromised systems and existing botnets to gain
> access to networks, to facilitate anything from corporate espionage and
> intelligence gathering, to shameless and open shows of strength to those
> who oppose them (think Blue Security), in the real world as well as the
> cyber one (which to the mob is one and the same, it's the income that
> speaks).
>
> Meaning, the existing botnet infrastructure will be utilized both in an
> open fashion, due to the fact that online miscreants (real-world mob) face
> virtually no risk, as well as in quiet and secretive uses for third-party
> intelligence operations.
>
>         Gadi Evron.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
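Jason's suggestion above (an ISP watching inbound connection counts to residential lines) written out as a detection heuristic over a flow log. This is an added example, not code from the thread; the residential prefix, the flow-record format, the 3-hour window and the sample records are constructed assumptions, and the UDP share is reported so an analyst can tell a DHT/BitTorrent peer from an ircd-style C&C.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical residential address prefix: an assumption, not from the thread.
RESIDENTIAL_PREFIX = "10.20."
THRESHOLD = 10_000           # the ">10k connections" figure from the post
WINDOW = timedelta(hours=3)  # "in under a few hours"

def parse_flow(line):
    """Parse 'ISO-timestamp src_ip dst_ip proto dst_port' into a tuple."""
    ts, src, dst, proto, port = line.split()
    return datetime.fromisoformat(ts), src, dst, proto, int(port)

def inbound_bursts(lines, threshold=THRESHOLD, window=WINDOW):
    """Return {dst_ip: (peak_count, udp_share)} for residential hosts that
    receive more than `threshold` inbound connections within any `window`."""
    per_dst, udp = defaultdict(list), defaultdict(int)
    for line in lines:
        ts, _src, dst, proto, _port = parse_flow(line)
        if not dst.startswith(RESIDENTIAL_PREFIX):
            continue  # only flows going TO a residential address count
        per_dst[dst].append(ts)
        if proto == "UDP":
            udp[dst] += 1  # high UDP share hints at DHT/BitTorrent, not a C&C
    alerts = {}
    for dst, stamps in per_dst.items():
        stamps.sort()
        peak = left = 0
        for right, t in enumerate(stamps):  # sliding window over sorted times
            while t - stamps[left] > window:
                left += 1
            peak = max(peak, right - left + 1)
        if peak > threshold:
            alerts[dst] = (peak, round(udp[dst] / len(stamps), 2))
    return alerts

def constructed_flows():
    """Synthetic flow log: one home host receiving 12,000 TCP/6667 connections
    in two hours (an ircd-style C&C pattern), one host with 300 DHT-like UDP flows."""
    start = datetime(2007, 1, 2, 0, 0)
    lines = [f"{(start + timedelta(seconds=i * 0.6)).isoformat()} "
             f"198.51.100.{i % 250 + 1} 10.20.5.7 TCP 6667" for i in range(12_000)]
    lines += [f"{(start + timedelta(seconds=i * 36)).isoformat()} "
              f"203.0.113.{i % 250 + 1} 10.20.9.3 UDP 6881" for i in range(300)]
    return lines

if __name__ == "__main__":
    for host, (peak, udp_share) in inbound_bursts(constructed_flows()).items():
        print(f"{host}: {peak} inbound connections within {WINDOW}, UDP share {udp_share}")
```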
