Re: [Asrg] Re: Bots
2006-01-17 14:57:06
On Jan 17, 2006, at 11:32 AM, Frank Ellermann wrote:
> Barry Shein wrote:
> [9]
>> bzs: ok, this botnet was used in a DoS attack but I think it
>> underscores the general theme that they exist, are dangerous,
>> numbers of PCs involved (20,000 in this case), and becoming
>> legally dangerous to their operators.)
> It also underscores why "block port 25" won't solve the zombie
> problem, "block port 25" is a delusion, unless it's a temporary
> step in a strategy to find and clean (multi-) infected systems.
Although port 25 blocking offers a degree of containment, zombies use
any avenue available. Rather than waiting for keystrokes, password
recovery allows immediate access when applications store passwords.
The victims are also less likely to know there is a problem, as
zombies are getting better at creating the appearance of normality
while disabling protections. Some even include artificial
intelligence able to mimic someone responding real-time to concerns,
while offering assurances everything is fine. The social engineering
involved and extent of the problem is rather startling.
Avenues of infection offering traceable source identifiers would
allow tracking the infections. Lacking conventions, a large amount
of resource is expended in this effort. Traceable identifiers do not
need to expose personal identifiers any more than a MAC or IP address
would, and, in my view, should not look like email-addresses. The
goal would be to locate the infected machine, not identify the author
of a message. Once the machine is identified, there are many ways
users can be alerted and directed to a cleanup process. At this
point, scrubbing programs work reasonably well, but they must always
adapt. Even this aspect represents an escalating battle.
Even applying delinquent patches to the OS may result in a corrupt
filesystem when an older disk maintenance application becomes
confused by modified low-level APIs. It is really depressing to see
a file-system recovery tool estimate restoration to take tens of
thousands of hours. What fun.
-Doug
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg