Zombies inevitably turning into botnets represent a huge, automated and efficient advantage to malicious attackers, I topic and most of its dimensions I covered in my Future trends of malware research. CipherTrust's Zombie Stats help you measure the approximate population of infected zombie PCs according to the vendor's TrustedSource. Not surprisingly, China's steadily increasing novice Internet population, both represents a growing menace to the entire Internet, and a market development opportunity for AV and security vendors. The situation is getting of hand with ISPs upgrading Internet connections, while still not putting enough efforts when it comes to dealing with botnets. And while some are taking actions under enforcement, major ISPs are still reluctant to face the issue -- ISPs still prefer to offer security services on a license basis or through reseller partnerships, though I'm certain there's an entire market segment waiting to be discovered by them if they manage to reset their position in this space.
Moreover, Prolexic's Zombie report for Q1-Q2 2005, provides even more detailed info, and a neat visualization of the routes involved with DDoS attacks, where the blue represents the U.S, and the red China. For the the time being, the ShadowServer guys keep on enthusiastically dealing with the problem, for no profit at all.
Friday, June 30, 2006
Real-Time PC Zombie Statistics
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
The WarDriving Police and Pringles Hacking
These days you never know where the next hacking attempt on your wireless network may come from. In this case, it's from the police, as authorities start mimicking wardriving behavior :
"The Douglas Country Sheriff's DOffice says it's going to start warning computer users that their networks may be vulnerable to hackers. The Sheriff's Department plans to equip several of its community service and patrol cars with devices that detect unprotected computer networks. In cases where investigators can figure out who owns the networks, they'll try to warn of potential security issues. They'll also drop off brochures with instructions to computer users on how to password protect their networks."
Back in 2004, Kelly Martin wrote a very pragmatic article on Catching a virus writer, empasizing on how "with the consumer WiFi explosion, launching a virus into the wild has never been easier and more anonymous than it is today." Moreover, Kaspersky labs recently assessed the situation in England, and you can easily see the need of basic awareness there.
I don't feel it's a good idea mainly because it generates more noise for the end user to sort through. They'd rather assess and position on a map the regions with most vulnerable networks and figure out a cost-effective ways of spreading awareness in these regions, instead of taking the role of an ethical wardriving. On the other hand, if they start taking care of wireless, would they start taking into consideration Bluetooth as well? There're just too many ethical wardrivers to deal with and deceive these days, and creative end users tend to multiply themselves or, of course, use common sense protection.
WarDriving Awareness brochure courtesy of Tom Hayward. Recommended reading - "War, Peace, or Stalemate: Wargames, Wardialing, Wardriving, and the Emerging Market for Hacker Ethics".
"The Douglas Country Sheriff's DOffice says it's going to start warning computer users that their networks may be vulnerable to hackers. The Sheriff's Department plans to equip several of its community service and patrol cars with devices that detect unprotected computer networks. In cases where investigators can figure out who owns the networks, they'll try to warn of potential security issues. They'll also drop off brochures with instructions to computer users on how to password protect their networks."
Back in 2004, Kelly Martin wrote a very pragmatic article on Catching a virus writer, empasizing on how "with the consumer WiFi explosion, launching a virus into the wild has never been easier and more anonymous than it is today." Moreover, Kaspersky labs recently assessed the situation in England, and you can easily see the need of basic awareness there.
I don't feel it's a good idea mainly because it generates more noise for the end user to sort through. They'd rather assess and position on a map the regions with most vulnerable networks and figure out a cost-effective ways of spreading awareness in these regions, instead of taking the role of an ethical wardriving. On the other hand, if they start taking care of wireless, would they start taking into consideration Bluetooth as well? There're just too many ethical wardrivers to deal with and deceive these days, and creative end users tend to multiply themselves or, of course, use common sense protection.
WarDriving Awareness brochure courtesy of Tom Hayward. Recommended reading - "War, Peace, or Stalemate: Wargames, Wardialing, Wardriving, and the Emerging Market for Hacker Ethics".
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Subscribe to:
Posts (Atom)