Re: latest on botnets

To: Hugo Vanwoerkom <hvw59601@care2.com>
Cc: debian-user@lists.debian.org
Subject: Re: latest on botnets
From: Alvin Oga <aoga@mail.Linux-Consulting.com>
Date: Sat, 18 Feb 2006 14:56:50 -0800 (PST)
Message-id: <[🔎] Pine.LNX.3.96.1060218145050.30772A-100000@Maggie.Linux-Consulting.com>
In-reply-to: <[🔎] dt872e$73g$1@sea.gmane.org>

On Sat, 18 Feb 2006, Hugo Vanwoerkom wrote:

> http://blog.washingtonpost.com/securityfix/
> has some unbelievable numbers: the average botnet (network of 
> compromised PC's) has 36,8000 members!
> 
> None of these can be Debian boxes running chkroot regularly, right?

no ...

chkroot will try to find cracked machines .. it does not prevent it

i keep wondering, if one was successful in breaking in, why
change the files so that things like chkroot will find you,
if the cracker left it alone, they can still get in and probably
not be detected

> They are all M$ boxes.

not necessarily

> Is that a believable number?

no ... i'd multiply it by 10x or 100x more or even 1000x because
not everybody will let the world know they've been broken into
and not everybody will know that they've been cracked either

banks ( in usa ) are required to notify customers that the credit card
and id is at risk, but that doesn't mean they will tell the "world"

last customer didn't know they've been cracked and keep running
for 2 months .. they thought somethng was wrong when it didn't boot 
again, 2 months after the fact ... ie... 2 months of sniffing
time for the cracker

c ya
alvin

Reply to:

References:
- latest on botnets
  - From: Hugo Vanwoerkom <hvw59601@care2.com>

Prev by Date: debian pine source build 4.62
Next by Date: Re: debian pine source build 4.62
Previous by thread: latest on botnets
Next by thread: Re: latest on botnets
Index(es):
- Date
- Thread