Educause Security Discussion mailing list archives

Re: Cyberattacks Down?


From: "Cam Beasley, ISO" <cam () AUSTIN UTEXAS EDU>
Date: Wed, 8 Dec 2004 15:18:02 -0600

FYI and somewhat related:

Our research into IRC botnets over the past 2.5yrs 
indicates that the number of Trojaned EDU hosts 
operating within IRC is down from ~9.5% of all 
compromised IRC bots identified in 2003 to ~2.7% 
of all compromised IRC bots identified in 2004.
** Based on a sample of ~57K unique compromised 
   hosts in IRC **

Perhaps EDUs should be congratulated?  EDUs
appear to have been working on the problem,
has the rest of the Internet?

Perhaps ISPs responsible for Cable/DSL users 
should be held accountable. Our data indicates 
that these groups are the fastest growing problem 
wrt botnets.

This leads to the following questions:
  o why aren't ISPs more reliable in addressing their
    offending hosts?
  o why aren't ISPs that don't remove offending hosts
    once identified fined in some way?
  o why are ISPs who don't use reverse-path
    forwarding checks allowed to operate?

~cam. 

ps. should note that in reporting all of these
compromised hosts, we noticed that the .COMs/NETs
stayed online far longer than the EDU hosts and
that in most cases the respective ISPs never
addressed the problems.

Cam Beasley CISSP CIFI
Sr InfoSec Analyst
ITS/Information Security Office
University of Texas at Austin
cam () mail utexas edu
-----------------------------

-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv 
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jere Retzer
Sent: 2004, December 07, Tuesday 12:15
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Cyberattacks Down?

A recent Network World story, 
http://www.nwfusion.com/supp/2004/cybercrime/112904cybersecurity.html 
reported that Cybercrime is down substantially. This 
surprised me. I agree that security managers, if those on 
this list are representative and our tools are better. 
However, I'm under the impression that the threats, 
particularly mutating, spyware and phishing are rapidly 
getting worse and there remain a large number of infected and 
unprotected machines on the net that are breeding grounds and 
launch pads for attacks.  I was of the opinion until I read 
this that the threats had become so bad in health care we 
need to think about creating secure overlay networks. What do 
you think? Thanks.
********** Participation and subscription information for 
this EDUCAUSE Discussion Group discussion list can be found 
at http://www.educause.edu/groups/. 

