On Thu, Dec 02, 2004 at 02:56:29PM -0500, Hannigan, Martin wrote:
> Possibly. What will happen if the Lycos botnet gets hijacked?
>
> The conversations between the clients and the servers don't appear to be keyed. If a million clients got owned, it would be the equivalent of an electronic Bubonic Plague with no antidote.

You mean, like the existing botnets we already know exist but are already under the control of spammers? What's the difference? Why is everyone so upset about Lycos and nobody seems to be doing much of anything about the /existing botnets/, which conservative estimates[1] already put at anywhere from 1-3K per botnet to upwards of 1-5M hosts total[2]?

Steve

[1] http://newpaper.asia1.com.sg/top/story/0,4136,67698-1,00.html
"There may be millions of such PCs around and they can be rented for as little as US$100 ($176)-per-hour."

http://www.messagelabs.com/emailthreats/intelligence/reports/monthlies/Octob...
"Some estimates have suggested a botnet in excess of tens of thousands of computers." [per virus outbreak]

http://www.usatoday.com/tech/news/computersecurity/2004-07-07-zombie-pimps_x...
"Small groups of young people creating a resource out of a 10-30,000-strong computer network are renting them out to anybody who has the money," a source in Scotland Yard's computer crime unit told Reuters.

http://www.sans.org/newsletters/newsbites/newsbites.php?vol=6&issue=43#315
"CipherTrust recently published research claiming that all phishing attacks on the Internet are conducted with the use of one of five zombie networks, or botnets. Each botnet comprises roughly 1,000 PCs. In addition, the research shows that 70% of zombie PCs are also used to send spam."

http://news.zdnet.co.uk/internet/security/0,39020375,39167561,00.htm
"Linford said that every week more than 100,000 PCs are recruited into botnets without the owner's knowledge. "A botnet is a collection of -- usually -- Windows-based PCs that have been stealthily taken over by malware. Users have no idea that their computer has been corrupted."

[2] the CBL, for example, currently lists 1.1M, and (here, anyway) only blocks around 15-25% of our incoming spam.

I've seen round robin attacks of upwards of fifty bots at a time (same timeframe, sender, and target, from multiple hosts in multiple countries/ISPs/networks) whereas suspected zombies account for 35-45% of all inbound spam delivery attempts here.

--
hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com
join us! http://hesketh.com/about/careers/account_manager.html join us!