The Future of BOTS

  1. #1
    Master-Jedi-Pimps0r & Moderator thehorse13
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884

    The Future of BOTS

    This is an excellent read and I agree with most of the content. For those of you who are in the trenches each day, you'll probably already know everything that is discussed, but for others who are not in tune, this will be quite an eye opener.

    Enjoy.

    http://www.trendmicro.com.au/global/...ers/BotsWP.pdf
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  2. #2
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,


    It's definitely interesting... I was reading about the RSS Feeds yesterday in the FD posting, which linked to that WP... There's also a news article that was posted @ http://news.yahoo.com/s/zd/20051129/tc_zd/166349

    I'm not sure what to think of RSS Hijacking... Does anyone here know any "lay people" that use RSS? They tend to be the ones that fall victim to this sort of stuff... Then again, if it looks like a trusted source... This could be a way to fool even the staunchest of geeks.

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  3. #3
    Master-Jedi-Pimps0r & Moderator thehorse13
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    The scary thing is that you already have a trust relationship with the RSS feed. If that gets nailed, you're not going to know it until it's too late.

    I've had suspicions about this vector from the beginning but again, my fears are closing in on reality. I've already spoken to some friends on the inside and they're telling me that certain AV vendors have a decent foothold on developing scan engines to deal with this. Time will tell how well the design works.

    --TH13

  4. #4
    Senior Member
    Join Date
    Oct 2003
    Posts
    394
    File size can limit that kind of protection, I think (bots).
    // too far away outside of limit

  5. #5
    Banned
    Join Date
    Apr 2003
    Posts
    1,146
    I played with the RSS early on, but just never got the hang of it. The polymorphic capabilities of the bots are the larger concern, I think. One infection can multiply and change so quickly inside your network that it will be very difficult to get on top of.

    We recently had a client college get hit with what looked like the new Zotob worm. They were playing whack-a-mole for two weeks. Not fun!

  6. #6
    Master-Jedi-Pimps0r & Moderator thehorse13
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    Quote: "I played with the RSS early on, but just never got the hang of it. The polymorphic capabilities of the bots are the larger concern, I think. One infection can multiply and change so quickly inside your network that it will be very difficult to get on top of."

    True. However, there is a manual technique for achieving the same goal today. When a malware writer sees that a signature is out for his code, he simply repacks it with another PE app such as Yoda, Morphine, FSG, etc. Now, this isn't as dangerous as polymorphics because of speed and seeding, but when 90% of the internet population rely on signature-based solutions, this quickly becomes something to be familiar with.

