On Mon, 3 May 2004, Rob Thomas wrote:
] Just because a machine has a bot/worm/virus that didn't come with a
] rootkit, doesn't mean that someone else hasn't had their way with it.
Agreed.
Won't help. What's the first thing people do after re-installing the operating system (still have all the original CDs and keys and product activation codes and and and)? Connect to the Internet to download the patches. Time to download patches 60+ minutes. Time to infection 5 minutes. Patches are Microsoft's intellectual property and can not be distributed by anyone without Microsoft's permission. Ok, so you order Microsoft's patch CD. Unfortunately it only includes patches through October 2003. Microsoft is selling over 10 million Windows licenses every month. Patches not included.
The record I've seen thus far was a host with 14 distinct and active bots on it. I'm guessing the LEDs on that cable modem never blinked.
The problem with Bots is they aren't always active. That makes them difficult to find until they do something.