Jump to content

All sorts of botnet activity these days


Wazoo

Recommended Posts

Posted

Microsoft takes legal action to shut down Waledac botnet

activity and actions described

Microsoft helps smash massive botnet

scary graphic included

Spanish Police Take Down Massive Mariposa Botnet

apparently, an even larger botnet that may now be down and out however, the background data is not so good ...

Mariposa-infected computers were linked to 13 million unique Internet Protocol addresses, said Pedro Bustamante, a researcher with Panda Security. It's hard to pinpoint the exact size of the botnet from that number, but it appears to be one of the world's largest. Researchers studying the notorious Conficker botnet have linked it to half as many IP addresses.

..............

Antivirus companies did a good job of detecting some versions of the Mariposa code, but the bad guys changed their software often enough -- sometimes every 48 hours -- that many versions of the malware went undetected. "The AV companies couldn't write signatures fast enough," Davis said.

The researchers say that there are still many Mariposa-infected PCs out there, but they are working with antivirus vendors to improve detection and remove the malicious code from the Internet. Over the next month or two, there should be "a pretty big decline" in the number of infected computers, Davis said.

Authorities bust 3 in infection of 13M computers

A bit more detail, some reporters citing this article as their own source ....

Talking Bots with Japan's 'Cyber Clean Center'

Bian Krebs talking about one approach at something I addressed quite a long time ago ... proactive ISPs

Microsoft's Charney details new botnet protection, IdM technology at RSA

and more trash talking from the Microsoft VIPs ... recalling that Mr. Gates himself was gong to solve the spam problem a few years back <g>

Posted

I just received the following message from spamcop: In the 24 hours starting Wed Mar 3 06:06:04 2010, you have submitted over spams for processing, which exceeds our daily submission limit. No more submissions will be accepted. Your reporting account is disabled. Please reply if you are reporting spam in good faith and feel your account should be reinstated.

Was this a result of the "botnet activity"?? I have only submitted a couple of spam in the past week. So what gives???

Posted
Was this a result of the "botnet activity"?? I have only submitted a couple of spam in the past week. So what gives???

At the tme of your Post into this Topic, I had just completed Posting an Announcement (shown in all sub-Goums) and a Post into the Announcements Forum section. There is an unannounced problem with the www/mailsc server farm. The initial thought would be an included database problem That specific flag/action is currently a scripted item in the Parsing & Reporting System code and those servers are definitely acting up right now. The only other possibility would be if you were one of thos folks that built theor own 'automatic reporting' scripts and it has been submitting stuff you don't know about,

Posted
At the tme of your Post into this Topic, I had just completed Posting an Announcement (shown in all sub-Goums) and a Post into the Announcements Forum section. There is an unannounced problem with the www/mailsc server farm. The initial thought would be an included database problem That specific flag/action is currently a scripted item in the Parsing & Reporting System code and those servers are definitely acting up right now. The only other possibility would be if you were one of thos folks that built theor own 'automatic reporting' scripts and it has been submitting stuff you don't know about,

I must be in the first group because I am not using an "automatic reporting" scri_pt. Nor am I batching my spam. I truly have not reported more than 4 or 5 spam over the past week.

Posted

Back to the botnets

(re the Mariposa botnet)... the toughest part of fighting such botnets is alerting the millions of people, companies and government offices whose computers have been compromised.

"There isn't a good way to distribute that information outside North America and Western Europe," Mr. Davis said. "Even there, I can contact companies, but what do I do about my mom's computer in Squamish?"

Well, most coming to these pages are spam reporters who have personally advised quite a few ISPs about botnet abuses of various kinds on their networks on a daily basis through SC notifications - and have quickly come to the sad conclusion about ISPs - if they don't have to do anything, by and large they won't.

Services provision in cut-throat business, the general public are unknowing/uncaring, how is an ISP (in isolation) to compete if they blow their cut-rate pricing structures to buy-in the resources necessary to combat cyber crime on their networks? We trust the networks would be cheaper to run if they weren't pumping insane volumes of spam-related bandwidth. But it has to be an all-in effort - leading the way means loss of competitiveness in the general market.

Maybe the Japanese are on the right track (one of Wazoo's initial links). Mariposa shows it's not all about spam - but any form of cyber crime is expensive and ultimately destructive even if (like most spam) not immediately so. The sort of personal information theft carried out through Mariposa would be pretty destructive and its scale is certainly massive so understandably it gets immediate attention, even if it is a lot harder to track than spam. But any viable solution is probably going to cast a broad net. There are many more villains than there are cops, with the over-all effect that the bad guys are more adaptable/inventive and the good guys are more reactive.

Has to be a more proactive role for Cisco-IronPort and their client community in all of that. IMO.

Posted
And here's TechRepublic's nomination of the top 10 spambots, said to be currently responsible for more than 95% of all spam world-wide:

http://blogs.techrepublic.com.com/10things/?p=1373

The sad thing is, if it wasn't them it would others. On spambots as a class, you would have to echo Adrian Cronauer (Good Morning, Vietnam), "What stamina!"

My account has now been re-enabled, and I'm able to report spam again. Many thanks to all those folks at SpamCop who often must spend long hours fighting the bad guys with few thanks and little or no compensation.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...