funsec mailing list archives
Re: Finjan botnet story - fact or fiction?
From: "David Harley" <david.a.harley () gmail com>
Date: Thu, 23 Apr 2009 10:06:54 +0100
Interesting. Thanks. Bizarrely, the address in the whois record seems to be an outdoor clothing and camping kit outfit in Watford. But the registrant seems to have thought that Watford is in London. Not quite as bizarre as the 419-er who thought Edinburgh was in London.

--
David Harley BA CISSP FBCS CITP
Small Blue-Green World
-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Julio Canto
Sent: 23 April 2009 09:25
To: funsec
Subject: Re: [funsec] Finjan botnet story - fact or fiction?

David Harley wrote:

ESet is detecting it (http://www.eset.com/threat-center/blog/?p=995) but they don't seem to think it's a big-deal botnet.

I hope that doesn't come back to haunt us. :-/

FireEye published some comments about that same thing:
http://blog.fireeye.com/research/2009/04/hexzone-ransomware-and-finjan.html#more

"It is possible that the zombie count discussed in the Finjan article includes zombies from multiple botnets instead of one. The idea that a central management system is being used to control the complete botnetweb instead of an individual botnet looks more believable. A large figure like 1.9 million zombies is also understandable when we think in terms of a botnetweb. Otherwise (in my personal opinion) a piece of malware like Hexzone which is known to rely mostly on social engineering and passive attacks to spread may not be able to gain such a size in a few months as Finjan illustrated."

--
Regards,
Julio Canto | VirusTotal.com | Hispasec Sistemas Lab | Tlf: +34.902.161.025 | Fax: +34.952.028.694 | PGP Key ID: EF618D2B | jcanto () hispasec com

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.