BugTraq: Drone Armies C&C Report for Feb/2005

  1. #1 MrLinus

    BugTraq: Drone Armies C&C Report for Feb/2005

    Just got this off of BugTraq. Interesting to see where the bots are located. If I find the pdf/website of the full report I'll add it here.



    Below is a periodic public report from the drone armies / botnets research and mitigation mailing list. For this report it should be noted that we base our analysis on the data we have accumulated from various sources.

    According to our incomplete analysis of information we have thus far, we now publish two reports.


    The ISPs that are most often plagued with botnet C&Cs (command & control) are, in the order listed:

    Code:
    ----------------------------------
    Responsible Party                              Count    ASN
    SAGONE Sago Networks                           16-20    21840
    THEPL-1 THE PLANET*                            16-20    {21844,13884}
    PNAP Internap Network Services                 11-15    {10913,13790,14742,14744}
    STAMIN-2 Staminus Communicatio                 11-15    25761
    ATRIV Atrivo                                   11-15    27595
    MSG-48 Managed Solutions Group                 8-10     27645
    YIPS Yipes Communications  Inc                 8-10     6517
    LEVEL3 Level 3 Communications                  8-10     3356
    * Note that the above details are only for botnet C&Cs that are still active.

    * We would gladly like to establish a trusted relationship with these and any organizations to help them in the future.

    * Please note the serious decrease in live Korean botnets, largely due to the efforts of KrCERT.


    The Trojan horses most used in botnets:
    ---------------------------------------
    The below details have not changed much, although we are seeing an increase in rBot variants.

    1. Korgobot.
    2. SpyBot.
    3. Optix Pro.
    4. rBot.
    5. Other SpyBot variants and strains (AgoBot, PhatBot, actual SDbots, etc.).

  2. #2 |ceWriterguy
    Seeing data like this makes me think that certain jobs are in jeopardy. I'm curious what, if anything, can be done at the ISP level to combat the (l)user downloading of the software containing these C&C progs? Perhaps a filtering software? At what cost in bandwidth to the end user?

  3. #3 (AO Ancient: Team Leader)
    > I'm curious what, if anything, can be done at the ISP level to combat the (l)user downloading of the software containing these C&C progs?
    It had better be FP-free or the helpdesk costs would make it prohibitive. That's why ISPs are so leery about restricting any access, for fear of screwing up your aunt Betty's online bridge game...
