Full Disclosure mailing list archives
Re[6]: Re: Know Your Enemy: Tracking Botnets (ThorstenHolz)
From: Egoist <mastah () phreaker net>
Date: Mon, 14 Mar 2005 23:26:46 +0300
Hello Valdis,

Monday, March 14, 2005, 10:45:32 PM, you wrote:

VKve> On Mon, 14 Mar 2005 22:01:39 +0300, Egoist said:

Lot of systems? Where do you get that statistic? How do u analyze that? Antivirus software caught agobot on some computer and you just increment counters?

VKve> Right. I find an agobot, I increment a counter.
VKve> If the counter ends up at '3', agobot hasn't hit many systems.
VKve> If the counter ends up at '3,000,000', agobot has hit a lot of systems.

Yes, you're right. How many computers exist on earth? 3m?, 9m?, 20m? Is 3,000,000 really a big counter if we have another undetected malware that ownz 9,000,000 boxes? Maybe I just misunderstand you, but I am trying to inform you that there are millions of computers infected with malware that is just not caught by AV.

VKve> Are you seriously trying to convince us that agobot *didn't* infect a lot of

It did.

VKve> systems? I suppose that next, you're going to try to convince us that the lame
VKve> code in Nimda and Nachi didn't hit many systems either, because of its lameness....

I never will say that.

VKve> I never claimed there weren't bots that weren't being detected - what I said was
VKve> that the lamely-coded bots have still managed to nail a lot of systems.

Know why? Because even a stupid script kiddie can download an iframe/ani/css exploit from *sec*.com, write a basic loader, put this all shit to their website, buy traffic from some traffic traders, change 1 #define in agobot (irc server) and 1 #define (channel), then buy a dedicated server, set up ircd and become a "cool hacker".

VKve> And just because my car has a slow oil leak that I haven't been able to track down
VKve> the exact cause is no reason to not change the brake pads when they start squealing.

Right. Do you think your tcpdump shows all traffic? (it uses windowz API) Do you think your process explorer shows all proc's? (it uses windowz API too) Even if you set up a FreeBSD router behind you and internet at your home (like I have), do you really think that good coded malware can't 'investigate' your normal traffic and try to be like it? How? This is another story...

--
Best regards,
Egoist mailto:mastah () phreaker net

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://www.secunia.com/