nanog mailing list archives

Re: NSP-SEC


From: Rich Kulawiec <rsk () gsp org>
Date: Sun, 21 Mar 2010 20:43:46 -0400

On Sun, Mar 21, 2010 at 09:37:09PM +0000, James Bensley wrote:
> On 19 March 2010 14:19,  <Valdis.Kletnieks () vt edu> wrote:
> > You *do* realize that
> > there's an estimated 140,000,000 bots on the net, right
>
> As many as that? That's 1 in 12 according to
> http://www.internetworldstats.com/stats.htm.

I think that estimate's a bit on the low side, but it's certainly very
plausible, based on growth rates that have been observed over the past
seven years.  I think any estimate under 100M should be laughed out of
the room, and that 200M is not unreasonable, although it's arguably
edging toward the upper error bars.

What's disconcerting about this -- well, actually there are a number
of disconcerting things about this, but let me pick one -- is that our
adversaries have convincingly demonstrated that they understand concepts
like reserves, concealment, and misdirection.  It's therefore entirely
sensible to wonder how many systems which are not presently displaying
any externally-observable symptoms are in fact bots but are simply not
being used as such -- for now.

There is, by the way, no relief from this due to events like the
recent bust of the Mariposa botnet (13M systems); all that means is
that there are now 13M pre-compromised systems waiting for the first
person clever enough to conscript them into *their* botnet.

---Rsk

