To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
Hi all. Thank you for joining our new open and public effort.

Botnet mitigation efforts have been going on mostly on two levels:
1. Secret hand-shake clubs.
2. Privately on your network.

I believe the time has come that some of this fight, which so many new 
people are working on publicly, indeed become public. However, such 
action has a lot of risk attached to it.

DO WE HELP THE BAD GUYS by showing this information here?

Yes. We do.

Point is, is this information already available to them? And more 
importantly, how much more can be done if the fight is public and how 
much DO we help the public by keeping at least some of the fight open?

10 years ago, sharing a virus sample would have been evil incarnate. 
Today in the eyes of the anti virus world, it still is, even when in 
*most* cases the samples can be found everywhere - especially by the Bad 
Guys. For the Good Guys it is a bit more difficult.
Why do the good guys in the AV industry still believe that? For many 
good reasons - granted, but also because the industry (not the guys) is 
now set in its ways, stagnant and refuses to give up its cushy seat of 
power on the subject.

The same can be said on many different subjects. We do not wish to 
remain stagnant. We will examine new options when they present 
themselves or when a void in our world presents itself.

There are many efforts that can be done publicly, but none of us are 
willing to sign up quite yet. This list is here for a number of purposes:
1. Gauge public interest.
2. See how many botnet reports come in from the public.
3. Measure how the Bad Guys react and if it changes, at all, their 
activities as we observe them.

As we *can* measure it using this list, it was created.

Our goal is simple, make it more difficult for Bad Guys.

It has been my strong belief for a while now that simply "killing" (i.e. 
reporting suspected servers to the respected authority for their 
investigation and possible follow-up action according to their 
acceptable use policy) command and control servers is self-defeating.

It is necessary, as long as it is not our only solution. By doing it 
alone we push the Bad Guys to learn, become better and make our efforts 
pointless.

C&C data is public, and for that I believe our more private efforts can 
concentrate on more important issues, such as putting these guys behind 
bars. Changing the economics so that it is not as worthwhile (cost vs. 
benefit wise) to steal Aunty Jane's money or your pension.

Their ROI is in Billions. We have no funding.

All that said, our purpose, as stated, is a test case. A proof of 
concept to see what can happen if information such as this is public, 
and what new and fresh minds can bring to the equation.

It is my sincere hope this public attempt will be a success, but I am 
willing to admit I am wrong if it isn't.

This list is now moderated and only reports of new C&C servers and what 
we will find of interest will be let through, or we miss the purpose. A 
second discussion list is established and will be open when we decide a 
community is indeed forming.

For now, sending out information rather than debating it to death may be 
the best solution, short-term, for our experiment to succeed.

This is about the security and survivability of the Internet. This is 
about your mother being able to safely surf the net.

Thanks,

        Gadi.

-- 
http://blogs.securiteam.com/

"Out of the box is where I live".
        -- Cara "Starbuck" Thrace, Battlestar Galactica.
_______________________________________________
botnets mailing list
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
