North American Network Operators Group

Re: How many backbones here are filtering the makelovenotspam screensaver site?

  • From: Steven Champeon
  • Date: Thu Dec 02 15:24:45 2004

on Thu, Dec 02, 2004 at 02:56:29PM -0500, Hannigan, Martin wrote:
> Possibly. What will happen if the Lycos botnet gets hijacked?
> The conversations between the clients and the servers don't appear
> to be keyed. If a million clients got owned, it would be the 
> equivalent of an electronic Bubonic Plague with no antidote.

You mean, like the existing botnets we already know exist but are
already under the control of spammers?

What's the difference? Why is everyone so upset about Lycos and nobody
seems to be doing much of anything about the /existing botnets/, which
conservative estimates[1] already put at anywhere from 1-3K per botnet
to upwards of 1-5M hosts total[2]?


    "There may be millions of such PCs around and they can be rented for
     as little as US$100 ($176)-per-hour."

    "Some estimates have suggested a botnet in excess of tens of
     thousands of computers." [per virus outbreak]
    "Small groups of young people creating a resource out of a
     10-30,000-strong computer network are renting them out to anybody
     who has the money," a source in Scotland Yard's computer crime unit
     told Reuters.

    "CipherTrust recently published research claiming that all phishing
     attacks on the Internet are conducted with the use of one of five
     zombie networks, or botnets. Each botnet comprises roughly 1,000
     PCs. In addition, the research shows that 70% of zombie PCs are also
     used to send spam.",39020375,39167561,00.htm

    "Linford said that every week more than 100,000 PCs are recruited
     into botnets without the owner's knowledge.

    "A botnet is a collection of -- usually -- Windows-based PCs that
     have been stealthily taken over by malware. Users have no idea that
     their computer has been corrupted."

[2] the CBL, for example, currently lists 1.1M, and (here, anyway) only
    blocks around 15-25% of our incoming spam. I've seen round robin
    attacks of upwards of fifty bots at a time (same timeframe, sender,
    and target, from multiple hosts in multiple countries/ISPs/networks)
    whereas suspected zombies account for 35-45% of all inbound spam
    delivery attempts here.

-- v: +1(919)834-2552 f: +1(919)834-2554 w:
join us!    join us!