funsec mailing list archives
Re: RE: Nice RBN/Storm worm writup in ×× ×××-X/X-Mas Blog
From: Gadi Evron <ge () linuxbox org>
Date: Fri, 11 Jan 2008 14:28:31 -0600 (CST)
On Fri, 11 Jan 2008, Paul Ferguson wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - -- Gadi Evron <ge () linuxbox org> wrote:
>
>> On Fri, 11 Jan 2008, Nick FitzGerald wrote:
>>> Much as I am possibly perceived as a raving MS (among others) critic,
>>> it's only fair to give credit where it's due, and I try to do that as
>>> and where appropriate...
>>
>> Determining factors, underlying causes and why things happened in general
>> is never easy, but it is clear MSFT had a hand in the critical mass of
>> bringing storm down to size *currently*.
>>
>> I think we should give them public credit.
>
> Yes and no. :-)
>
> Yes: They deserve credit for bringing down the number of infected Storm
> nodes back in (or around) September 2007 (if I recall correctly) when they
> released detection & removal for several Storm variants in the MSRT
> (Malicious Software Removal Tool).
>
> I think this was outlined in the last Microsoft Security Intelligence
> Report -- I know I talked with Ziv Mador from MS about this in detail
> during the WORM 2007 (The 5th ACM Workshop on Recurring Malcode) workshop
> back in early Nov. 2007.
>
> http://www.auto.tuwien.ac.at/~chris/worm07.html
>
> However, the puppet-masters behind Storm worked diligently during the
> holidays last month to repopulate the botnet, in fact, to over 200% of
> its size at the beginning of the month:
>
> http://honeyblog.org/archives/156-Measuring-the-Success-Rate-of-Storm-Worm.html
>
> Anyone's guess is as good as mine as to why this effort was undertaken,
> but the recent developments which include phishing might be related. :-)
>
> - - ferg

Nitpicker! :)

> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 9.6.3 (Build 3017)
>
> wj8DBQFHh8djq1pz9mNUZTMRAhVOAJoD2X4qcFwjlO4km+gc8XLE1Cx4/gCfa7iU
> 1zmkfrWcpVuCm5vNWSWjrYA=
> =oxpY
> -----END PGP SIGNATURE-----
>
> --
> "Fergie", a.k.a. Paul Ferguson
> Engineering Architecture for the Internet
> fergdawg(at)netzero.net
> ferg's tech blog: http://fergdawg.blogspot.com/
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.