funsec mailing list archives

Re: Finjan botnet story - fact or fiction?


From: Julio Canto <jcanto () hispasec com>
Date: Thu, 23 Apr 2009 10:25:15 +0200

David Harley wrote:
ESET is detecting it
(http://www.eset.com/threat-center/blog/?p=995) but they 
don't seem to think it's a big-deal botnet.

I hope that doesn't come back to haunt us. :-/

FireEye published some comments about that same thing:

http://blog.fireeye.com/research/2009/04/hexzone-ransomware-and-finjan.html#more

"It is possible that the zombie count discussed in the Finjan article
includes zombies from multiple botnets instead of one. The idea that a
central management system is being used to control the complete
botnetweb instead of an individual botnet looks more believable.  A
large figure like 1.9 million zombies is also understandable when we
think in terms of a botnetweb.  Otherwise (in my personal opinion) a
piece of malware like Hexzone which is known to rely mostly on social
engineering and passive attacks to spread may not be able to gain such a
size in a few months as Finjan illustrated."


-- 
Regards,

Julio Canto | VirusTotal.com | Hispasec Sistemas Lab | Tlf: +34.902.161.025
| Fax: +34.952.028.694 | PGP Key ID: EF618D2B | jcanto () hispasec com
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

