Educause Security Discussion mailing list archives
Re: Cyberattacks Down?
From: "Cam Beasley, ISO" <cam () AUSTIN UTEXAS EDU>
Date: Wed, 8 Dec 2004 15:18:02 -0600
FYI and somewhat related:

Our research into IRC botnets over the past 2.5yrs indicates that the number of Trojaned EDU hosts operating within IRC is down from ~9.5% of all compromised IRC bots identified in 2003 to ~2.7% of all compromised IRC bots identified in 2004.

** Based on a sample of ~57K unique compromised hosts in IRC **

Perhaps EDUs should be congratulated? EDUs appear to have been working on the problem, has the rest of the Internet?

Perhaps ISPs responsible for Cable/DSL users should be held accountable. Our data indicates that these groups are the fastest growing problem wrt botnets.

This leads to the following questions:

o why aren't ISPs more reliable in addressing their offending hosts?
o why aren't ISPs that don't remove offending hosts once identified fined in some way?
o why are ISPs who don't use reverse-path forwarding checks allowed to operate?

~cam.

ps. should note that in reporting all of these compromised hosts, we noticed that the .COMs/NETs stayed online far longer than the EDU hosts and that in most cases the respective ISPs never addressed the problems.

Cam Beasley CISSP CIFI
Sr InfoSec Analyst
ITS/Information Security Office
University of Texas at Austin
cam () mail utexas edu

-----------------------------
-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jere Retzer
Sent: 2004, December 07, Tuesday 12:15
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Cyberattacks Down?

A recent Network World story, http://www.nwfusion.com/supp/2004/cybercrime/112904cybersecurity.html reported that Cybercrime is down substantially. This surprised me. I agree that security managers, if those on this list are representative and our tools are better. However, I'm under the impression that the threats, particularly mutating, spyware and phishing are rapidly getting worse and there remain a large number of infected and unprotected machines on the net that are breeding grounds and launch pads for attacks. I was of the opinion until I read this that the threats had become so bad in health care we need to think about creating secure overlay networks.

What do you think?

Thanks.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- Cyberattacks Down? Jere Retzer (Dec 07)
- <Possible follow-ups>
- Re: Cyberattacks Down? Jordan Wiens (Dec 08)
- Re: Cyberattacks Down? Barbara Griffith (Dec 08)
- Re: Cyberattacks Down? Cam Beasley, ISO (Dec 08)
- Re: Cyberattacks Down? Joe St Sauver (Dec 08)
- Re: Cyberattacks Down? John Kristoff (Dec 08)
- Re: Cyberattacks Down? Wayne Wilson (Dec 13)
- Re: Cyberattacks Down? Joe St Sauver (Dec 13)