North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: mitigating botnet C&Cs has become useless

  • From: Rick Wesson
  • Date: Tue Aug 08 19:52:56 2006

this isn't fun, comments in line.

Sean Donelan wrote:

On Tue, 8 Aug 2006, Rick Wesson wrote:
Last sunday at DEFCON I explained how one consumer ISP cost American business $29M per month because of the existence of key-logging botnets.

Why did you attribute responsibility for the cost only to the consumer ISP? How much of the cost should be attributed the PC OEM, or the software developers, or the American business, or the ....?

Because the numbers are significant. Finding any entity that could provide a choke-point for 4% of business side id-theft is an interesting exercise and of significant value to the community.

you want to talk economics? Its not complicated to show that mitigating key-logging bots could save American business 2B or 4% of =losses to identity theft -- using FTC loss estimates from 2003

What are the economics of American businesses mitigating key-logging bots?

there is no detectable mitigation, the slope of the infection rate continues to rise.

How much security would you get for an additional $20 per year per on-line
user?  Spending more than the losses wouldn't save American business money.

depends on how it is spent