Results 1 to 3 of 3

Thread: BugTraq: Drone Armies C&C Report for Feb/2005

  1. March 7th, 2005, 10:03 PM #1
    MrLinus
    MrLinus is offline
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323

    BugTraq: Drone Armies C&C Report for Feb/2005

    Just got this off of BugTraq. Interesting to see where the bots are located. If I find the pdf/website of the full report I'll add it here.



    Below is a periodic public report from the drone armies / botnets research and mitigation mailing list. For this report it should be noted that we base our analysis on the data we have accumulated from various sources.

    According to our incomplete analysis of information we have thus far, we now publish two reports.


    The ISP's that are most often plagued with botnet C&C's (command & control) are, by the order listed:

    Code:
    ----------------------------------
Responsible Party                              Count    ASN
SAGONE Sago Networks                           16-20    21840
THEPL-1 THE PLANET*                            16-20    {21844,13884}
PNAP Internap Network Services                 11-15    {10913,13790,14742,14744}
STAMIN-2 Staminus Communicatio                 11-15    25761
ATRIV Atrivo                                   11-15    27595
MSG-48 Managed Solutions Group                 8-10     27645
YIPS Yipes Communications  Inc                 8-10     6517
LEVEL3 Level 3 Communications                  8-10     3356
    * Note that the above details are only for botnet C&C's that are still active.

    * We would gladly like to establish a trusted relationship with these and any organizations to help them in the future.

    * Please note the serious decrease in live Korean botnets, largely due to the efforts of KrCERT.


    The Trojan horses most used in botnets:
    ---------------------------------------
    The below details have not changed much, although we are seeing an increase in rBot variants.

    1. Korgobot.
    2. SpyBot.
    3. Optix Pro.
    4. rBot.
    5. Other SpyBot variants and strains (AgoBot, PhatBot, actual SDbots, etc.).
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage
    Reply With Quote Reply With Quote
  2. March 7th, 2005, 10:12 PM #2
    |3lack|ce
    |3lack|ce is offline
    ********** |ceWriterguy
    Join Date
    Aug 2004
    Posts
    1,608
    Seeing data like this makes me think that certain jobs are in jeopardy. I'm curious what, if anything, can be done at the ISP level to combat the (l)user downloading of the softwares containing these C&C progs? Perhaps a filtering software? At what cost bandwidth to the end user?
    Even a broken watch is correct twice a day.

    Which coder said that nobody could outcode Microsoft in their own OS? Write a bit and make a fortune!
    Reply With Quote Reply With Quote
  3. March 7th, 2005, 11:06 PM #3
    Tiger Shark
    Tiger Shark is offline
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    I'm curious what, if anything, can be done at the ISP level to combat the (l)user downloading of the softwares containing these C&C progs?
    It had better be FP free or the helpdesk costs would make it prohibitive. That's why ISP's are so leary about restricting any access for fear of screwing up your aunt Betty's online bridge game...
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules