nanog mailing list archives

Re: Black Frog - the botnets keep coming

From: Gadi Evron <ge () linuxbox org>
Date: Fri, 26 May 2006 03:04:31 -0500 (CDT)


On Thu, 25 May 2006, Sean Donelan wrote:


On Thu, 25 May 2006, Gadi Evron wrote:

I hate for this to be a quote by me, but Super Worms which steal credit
card, account data, login info. etc. for banks, credit card companies and
ecommerce sites online number at the millions a day. Including repeat
customers.

As to signle banks, forget my numbers for a second, I am willing to accept
yours for the sake of argument (we can argue digits over the phone). A
million in losses a day is enough.


According to you, 500,000 bots a day and $1,000,000 in losses a day; so
there is about 50 cents of potential savings per bot to pay for fixing
those computers.

How much does it cost to repair the average compromised computer?  For
some people its cheaper to buy a new computer than to fix the old one.

I don't believe most of the numbers published, but lets use some other
people's numbers.  One consulting firm estimates $2 Billion in losses a
year.  That results in less than $10 of savings per new bot (assuming
500,000/day) to fix the computers.  If there are even more bots, the
numbers just get worse.

For comparison, Cardweb's estimate of credit card fraud is about $14
Billion in 2004.  Merchants are hit with about 90% of credit card fraud,
and banks about 10%.  CFCA's estimate for telecommunications fraud is
about $55-60 Billion in 2003.

Regardless of the numbers, I think we are currently stuck in a very
nasty spot

      1. Reduce the cost of fixing/protecting a computer
      2. or increase the losses from compromised computers

Either way, the consumer will eventually end up paying for it.


Indeed, but even worse. The problem is moving to the user side.

Regular type "fake site" phishing is going to be with us for a long time
yet but several of the organized crime groups involved are hard at work at
released Trojan horses using root kit technology daily, which basically
steals your credentials to every HTTPS site you enter, and reports home.

How do banks, ISP's, or whoever else defend from the roblem moving to the
user-side? That is a very interesting question indeed. :)

        Gadi.

Current thread:

Re: Black Frog - the botnets keep coming, (continued)
- - - Re: Black Frog - the botnets keep coming David Ulevitch (May 25)
    - Re: Black Frog - the botnets keep coming Gadi Evron (May 25)
    - Re: Black Frog - the botnets keep coming Eric Whitehill (May 25)
    - Re: Black Frog - the botnets keep coming Henry Linneweh (May 25)
    - Re: Black Frog - the botnets keep coming Gadi Evron (May 25)
    - Re: Black Frog - the botnets keep coming Valdis . Kletnieks (May 25)
    - Re: Black Frog - the botnets keep coming Robert Boyle (May 25)
    - Re: Black Frog - the botnets keep coming Gadi Evron (May 25)
    - Re: Black Frog - the botnets keep coming Sean Donelan (May 25)
    - Re: Black Frog - the botnets keep coming william(at)elan.net (May 25)
    - Re: Black Frog - the botnets keep coming Gadi Evron (May 26)
    - Re: Black Frog - the botnets keep coming leo vegoda (May 26)
    - Re: Black Frog - the botnets keep coming RLVaughn (May 25)
    - Re: Black Frog - the botnets keep coming Florian Weimer (May 26)
    - Re: Black Frog - the botnets keep coming Alexei Roudnev (May 27)
- Re: Black Frog - the botnets keep coming Scott Weeks (May 25)
- Re: Black Frog - the botnets keep coming Fergie (May 27)
  - Re: Black Frog - the botnets keep coming Alexei Roudnev (May 29)
    - Re: Black Frog - the botnets keep coming Suresh Ramasubramanian (May 29)
    - Re: Black Frog - the botnets keep coming Alexei Roudnev (May 30)
    - Re: Black Frog - the botnets keep coming Valdis . Kletnieks (May 30)