Antivirus firms discover Bots
I'm glad that anti-virus firms are noticing the growth of Bots. Unfortunately, their guestimating ability is still woefully inadequate.
Even frequent updates to anti-virus software won't help. Many bots disable automatic updates and block access to the antivirus sites. By the time anti-virus software detects something's wrong, it's already too late. The solution is to make certain your computer is not compromised, instead of relying on anti-virus to clean it up later.
Antivirus firms warn of growing 'Bot' Networks
http://www.informationweek.com/story/showArticle.jhtml?articleID=20300880
Hmm, so if the AV discovers an active bot is it possible to take this a step further and locate the C&C and forward that info to relevant network operators?
Steve
On Sat, 15 May 2004, Sean Donelan wrote:
I'm glad that anti-virus firms are noticing the growth of Bots. Unfortunately, their guestimating ability is still woefully inadequate.
Even frequent updates to anti-virus software won't help. Many bots disable automatic updates and block access to the antivirus sites. By the time anti-virus software detects something's wrong, it's already too late. The solution is to make certain your computer is not compromised, instead of relying on anti-virus to clean it up later.
Antivirus firms warn of growing 'Bot' Networks http://www.informationweek.com/story/showArticle.jhtml?articleID=20300880
Stephen J. Wilcox wrote:
Hmm, so if the AV discovers an active bot is it possible to take this a step further and locate the C&C and forward that info to relevant network operators?
With some operators specializing in hosting these, what good would that do until the "big guys" start cutting them off at their borders?
Pete
On Sun, 16 May 2004, Petri Helenius wrote:
Stephen J. Wilcox wrote:
Hmm, so if the AV discovers an active bot is it possible to take this a step further and locate the C&C and forward that info to relevant network operators?
With some operators specializing in hosting these, what good would that do until the "big guys" start cutting them off at their borders?
I mean fwd to some central location to be shared with various operators rather than spamcop style org lookup ..
Steve
Stephen J. Wilcox wrote:
I mean fwd to some central location to be shared with various operators rather than spamcop style org lookup ..
My statement holds even in this case. What good would this do beyond honeypots which can be used to collect this information in less than a week? If somebody would be interested and have the means in hunting down and closing the zombie/spam commanders it could be done today. Getting their whereabouts is not the issue.
Pete
On Sun, 16 May 2004, Stephen J. Wilcox wrote:
Hmm, so if the AV discovers an active bot is it possible to take this a step further and locate the C&C and forward that info to relevant network operators?
at the point the av software itself is spyware.
joelja
Steve
On Sat, 15 May 2004, Sean Donelan wrote:
I'm glad that anti-virus firms are noticing the growth of Bots. Unfortunately, their guestimating ability is still woefully inadequate.
Even frequent updates to anti-virus software won't help. Many bots disable automatic updates and block access to the antivirus sites. By the time anti-virus software detects something's wrong, it's already too late. The solution is to make certain your computer is not compromised, instead of relying on anti-virus to clean it up later.
Antivirus firms warn of growing 'Bot' Networks http://www.informationweek.com/story/showArticle.jhtml?articleID=20300880
--
--------------------------------------------------------------------------
Joel Jaeggli  Unix Consulting  joelja@darkwing.uoregon.edu
GPG Key Fingerprint: 5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2
On Sun, 16 May 2004, Joel Jaeggli wrote:
On Sun, 16 May 2004, Stephen J. Wilcox wrote:
Hmm, so if the AV discovers an active bot is it possible to take this a step further and locate the C&C and forward that info to relevant network operators?
at the point the av software itself is spyware.
no it's not, providing you state on the packaging what you do.
Steve
joelja
Steve
On Sat, 15 May 2004, Sean Donelan wrote:
I'm glad that anti-virus firms are noticing the growth of Bots. Unfortunately, their guestimating ability is still woefully inadequate.
Even frequent updates to anti-virus software won't help. Many bots disable automatic updates and block access to the antivirus sites. By the time anti-virus software detects something's wrong, it's already too late. The solution is to make certain your computer is not compromised, instead of relying on anti-virus to clean it up later.
Antivirus firms warn of growing 'Bot' Networks http://www.informationweek.com/story/showArticle.jhtml?articleID=20300880
----- Original Message -----
From: "Sean Donelan" <sean@donelan.com>
To: <nanog@merit.edu>
Sent: Sunday, May 16, 2004 9:45 AM
Subject: Antivirus firms discover Bots
I'm glad that anti-virus firms are noticing the growth of Bots. Unfortunately, their guestimating ability is still woefully inadequate.
Even frequent updates to anti-virus software won't help. Many bots disable automatic updates and block access to the antivirus sites. By the time anti-virus software detects something's wrong, it's already too late. The solution is to make certain your computer is not compromised, instead of relying on anti-virus to clean it up later.
Please note the "removal tool" from McAfee, called Stinger, has also been targeted by some. Just attempting to run it off a floppy or CD will not work nor will it be allowed, by some of them, to be copied to HD. The simple answer is to download it and rename it to something else before introducing it to the new machine AND booting safe mode for Windows machines to get it going, anyway. I have also noted that permissions on XP machines have been altered but so far have not noticed the Admin account being changed at all unless the user is actually using the setup Admin account as the only account on the machine.
Greg.
participants (5): Gregh, Joel Jaeggli, Petri Helenius, Sean Donelan, Stephen J. Wilcox