funsec mailing list archives
RE: Cambridge Professor Warns of Skype Botnet Threat
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Sat, 28 Jan 2006 00:00:37 +1300
Austin wrote:
A SIP worm would have a pretty killer "locality" aspect. Hitting all the other SIP-enabled devices in someone's address book would be a great way to compromise a single large site quickly, especially since network-wide rollouts of VoIP usually have homogenous hardware. Besides the personal exposure risk, think about the local DDoS you could get from compromising a couple hundred Cisco 7971's with gigabit ports... Bring down the local VLAN's, and saturate all those shiny inter-office links that give preferential QoS to VoIP traffic...
And you think this is different from an Outlook mass-mailer that uses the global address book for its address harvesting _back in the days before hardly anyone bothered doing (serious) virus scanning of Email_, how?

A large multi-national's distributed LAN with, say 125,000 registered users (all contactable through the "All-Staff" (and then multiply via whichever of "All-Clerical", "All-Sales", "All-Techsupport", "All-DC", "All-NY", "All-Seattle", "All-SJ", etc, etc, etc they rightly belonged to)) and "lucky" enough to have only two or three users dumb enough to double-click that attachment would generate several tens of millions of messages within a few minutes -- although many pulled the (external) plug on their mail systems there was really no need -- if it didn't rapidly melt down of its own accord, the server farm running Exchange would be groaning for hours and hours just trying to handle the _en_queueing load...

Not saying that your VOIP scenario is not bad, BUT any senior corporate IT'ers who lived through W97M/Melissa or VBS/LoveLetter or any of several other "show-stopper" mass-mailers back in the "bad old days" who have allowed a VOIP roll-out of the form you describe should be fired now and someone competent found to replace them.

Oh wait -- that's right, we don't teach folk about the IT mistakes of the past and collectively MOST of IT forgets whatever it learnt about security the week before last!

...

Or, in short -- SSDD...

Regards,
Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.