Re: [botnets] Alternative Botnet CCs - free chapter from Botnets: The Killer Web App

2007-07-26 Thread Craig Holmes
To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
--
On Thursday 26 July 2007 01:09, Gadi Evron wrote:
 Got any comments on the third chapter?
I just finished reading it last night after I sent my last email:

I felt this chapter was the meatiest up to this point. I feel that your points 
are well made and that you cover a broad range of technologies. I don't have 
any factual problems with your writing (unlike the previous chapters, not 
written by you).

My only complaint is that I would have wished to have more technical details. 
For example: I am curious to know exactly how P2P decentralized networks 
work, specifically with the idea of public-key crypto for the farmer. 

On a personal note, I would have liked to see some more opinionated ideas from 
you on this chapter. What are the most dangerous CC types? Where are the 
trends going to go? Unlike the other authors, I trust your thoughts on these 
matters as I know of your experience.

But take my complaint(s) with a grain of salt. On this matter I am already 
knowledgeable, so I am looking to expand my knowledge and I have a critical 
eye when doing it.

Craig


Re: [botnets] Alternative Botnet CCs - free chapter from Botnets: The Killer Web App

2007-07-25 Thread Gadi Evron
On Thu, 26 Jul 2007, Craig Holmes wrote:
 As promised, I bought the book and finally received it (thanks for the slow
 turn around Amazon).

 I have begun reading it, and although I am only starting the third chapter I
 am wholly unimpressed.

 Before I discuss the text of the book, I am curious to know. Is it a print
 problem or do many of the graphics in the book look overly blurry or
 excessively jagged? Some of the pictures look like they were compressed to a
 monochrome bitmap of about 2k in size (see page 47).

 My experience with botnets seems to differ in many ways from the text in the
 book:

 The book begins by describing what SDBot, Agobot, GTBot, etc do. They include
 lists of ports and vulnerabilities that the given bot exploits, actions it
 may perform etc. The book doesn't make the point strong enough that a lot of
 code (especially SDBot code) started off as simply a public offering and
 evolved through many different trees by people with no organization. These
 trees criss-crossed without any knowledge of many of the contributors. In
 fact, as I recall SDBot (at least a couple of versions from sd) was released
 to the public without a single attack vector. It is my belief that this
 version is responsible for the most variants due to its availability.

 The book seems to be making a point that bots are being used by organized
 crime. I think this point has been pushed on many fronts of this issue by many
 people, however I remain doubtful. My experience with farmers (or bot
 herders as the book calls them) is that they're packet kiddies out to DoS
 their moronic buddies or enemies. The botnet was just a natural evolution
 from Trinoo/TFN/Trinity/Kaiten or if they're even lamer then Backorifice,
 etc. Though I do certainly accept that some lone individuals use botnets for
 monetary gain (avert scams), I wouldn't classify it as organized. Look at the
 numbers given in the book:
 - 4.5 Million active botnet computers
 - A small botnet is 10,000 computers
 That means that there are about 500 botnets active. The book states only a
 handful of cases that involved organized crime, possibly 5 cases. That means
 that they've identified at least 0.01% of the 500 botnets are being run by
 the big evil organized crime people. Not to say that proves them wrong, but
 it isn't enough evidence for me. I believe they are sensationalizing this
 fact quite a bit.

 The book paints a pretty diagram showing how people with their camcorders run
 from the movie theatre directly to their dorm and upload their bootlegs to
 topsites which are actually botnets. This is a silly notion. A great deal of
 the movies that are available on the internet today (and much software) are
 released by organized (though not for profit) piracy groups (the 'scene').
 These groups do use topsites, but they are FTP servers running on legitimate
 hardware (a member of the group may be a sysadmin at MIT for example). These
 topsites and groups are not even remotely affiliated with botnets (or at
 least weren't in 2002, which is when my experience dates to). The offenders
 identified (from Drink or Die, Razor1911, etc) wouldn't be caught dead
 touching a botnet, as it would do great damage to their reputation.
 Furthermore, these elite groups have very little use for clickthrough scams,
 distributed storage, or DoS attacks.

 I feel like the authors are making a far too liberal attempt at connecting the
 dots on many issues. I am also slightly disappointed as it seems much of the
 book will be focused on general intrusion detection techniques, sandboxing,
 reporting etc and less on practical cases, motivation, CC methods,
 encryption and more technical aspects of the bot itself.

 I will report my final thoughts when I complete the book.

 Craig

Got any comments on the third chapter?



 On Sunday 08 July 2007 21:53, Thomas Raef wrote:
 Gadi,

 It's easier for people to just buy the book. I bought it about a month
 ago and have read it a few times already. Nice work!



Re: [botnets] Alternative Botnet CCs - free chapter from Botnets: The Killer Web App

2007-07-25 Thread James Pleger
On 7/25/07, Craig Holmes [EMAIL PROTECTED] wrote:


As promised, I bought the book and finally received it (thanks for the slow
turn around Amazon).

I have begun reading it, and although I am only starting the third chapter I
am wholly unimpressed.

Before I discuss the text of the book, I am curious to know. Is it a print
problem or do many of the graphics in the book look overly blurry or
excessively jagged? Some of the pictures look like they were compressed to a
monochrome bitmap of about 2k in size (see page 47).

My experience with botnets seems to differ in many ways from the text in the
book:

The book begins by describing what SDBot, Agobot, GTBot, etc do. They include
lists of ports and vulnerabilities that the given bot exploits, actions it
may perform etc. The book doesn't make the point strong enough that a lot of
code (especially SDBot code) started off as simply a public offering and
evolved through many different trees by people with no organization. These
trees criss-crossed without any knowledge of many of the contributors. In
fact, as I recall SDBot (at least a couple of versions from sd) was released
to the public without a single attack vector. It is my belief that this
version is responsible for the most variants due to its availability.

The book seems to be making a point that bots are being used by organized
crime. I think this point has been pushed on many fronts of this issue by many
people, however I remain doubtful. My experience with farmers (or bot
herders as the book calls them) is that they're packet kiddies out to DoS
their moronic buddies or enemies. The botnet was just a natural evolution
from Trinoo/TFN/Trinity/Kaiten or if they're even lamer then Backorifice,
etc. Though I do certainly accept that some lone individuals use botnets for
monetary gain (avert scams), I wouldn't classify it as organized. Look at the
numbers given in the book:
- 4.5 Million active botnet computers
- A small botnet is 10,000 computers
That means that there are about 500 botnets active. The book states only a
handful of cases that involved organized crime, possibly 5 cases. That means
that they've identified at least 0.01% of the 500 botnets are being run by
the big evil organized crime people. Not to say that proves them wrong, but
it isn't enough evidence for me. I believe they are sensationalizing this
fact quite a bit.

The book paints a pretty diagram showing how people with their camcorders run
from the movie theatre directly to their dorm and upload their bootlegs to
topsites which are actually botnets. This is a silly notion. A great deal of
the movies that are available on the internet today (and much software) are
released by organized (though not for profit) piracy groups (the 'scene').
These groups do use topsites, but they are FTP servers running on legitimate
hardware (a member of the group may be a sysadmin at MIT for example). These
topsites and groups are not even remotely affiliated with botnets (or at
least weren't in 2002, which is when my experience dates to). The offenders
identified (from Drink or Die, Razor1911, etc) wouldn't be caught dead
touching a botnet, as it would do great damage to their reputation.
Furthermore, these elite groups have very little use for clickthrough scams,
distributed storage, or DoS attacks.



A bunch of these FTP servers being used are actually compromised servers.

There is one German release group that I have found that does this a lot. I
don't remember their name, but they will compromise a server with a weak
MSSQL SA account and then install an FTP daemon and serve their files. They
target the SQL servers, I believe, because they are typically decent servers
with decent upload and space.

That is just my 2 cents and what I have seen.

I feel like the authors are making a far too liberal attempt at connecting the
dots on many issues. I am also slightly disappointed as it seems much of the
book will be focused on general intrusion detection techniques, sandboxing,
reporting etc and less on practical cases, motivation, CC methods,
encryption and more technical aspects of the bot itself.

I will report my final thoughts when I complete the book.

Craig


On Sunday 08 July 2007 21:53, Thomas Raef wrote:
 Gadi,

 It's easier for people to just buy the book. I bought it about a month
 ago and have read it a few times already. Nice work!
--
James Pleger
p: 623.298.7966
e: [EMAIL PROTECTED]

Re: [botnets] Alternative Botnet CCs - free chapter from Botnets: The Killer Web App

2007-07-25 Thread Craig Holmes
As promised, I bought the book and finally received it (thanks for the slow 
turn around Amazon). 

I have begun reading it, and although I am only starting the third chapter I 
am wholly unimpressed.

Before I discuss the text of the book, I am curious to know. Is it a print 
problem or do many of the graphics in the book look overly blurry or 
excessively jagged? Some of the pictures look like they were compressed to a 
monochrome bitmap of about 2k in size (see page 47).

My experience with botnets seems to differ in many ways from the text in the 
book:

The book begins by describing what SDBot, Agobot, GTBot, etc do. They include 
lists of ports and vulnerabilities that the given bot exploits, actions it 
may perform etc. The book doesn't make the point strong enough that a lot of 
code (especially SDBot code) started off as simply a public offering and 
evolved through many different trees by people with no organization. These 
trees criss-crossed without any knowledge of many of the contributors. In 
fact, as I recall SDBot (at least a couple of versions from sd) was released 
to the public without a single attack vector. It is my belief that this 
version is responsible for the most variants due to its availability.

The book seems to be making a point that bots are being used by organized 
crime. I think this point has been pushed on many fronts of this issue by many 
people, however I remain doubtful. My experience with farmers (or bot 
herders as the book calls them) is that they're packet kiddies out to DoS 
their moronic buddies or enemies. The botnet was just a natural evolution 
from Trinoo/TFN/Trinity/Kaiten or if they're even lamer then Backorifice, 
etc. Though I do certainly accept that some lone individuals use botnets for 
monetary gain (avert scams), I wouldn't classify it as organized. Look at the 
numbers given in the book:
- 4.5 Million active botnet computers
- A small botnet is 10,000 computers
That means that there are about 500 botnets active. The book states only a 
handful of cases that involved organized crime, possibly 5 cases. That means 
that they've identified at least 0.01% of the 500 botnets are being run by 
the big evil organized crime people. Not to say that proves them wrong, but 
it isn't enough evidence for me. I believe they are sensationalizing this 
fact quite a bit.

The book paints a pretty diagram showing how people with their camcorders run 
from the movie theatre directly to their dorm and upload their bootlegs to 
topsites which are actually botnets. This is a silly notion. A great deal of 
the movies that are available on the internet today (and much software) are 
released by organized (though not for profit) piracy groups (the 'scene'). 
These groups do use topsites, but they are FTP servers running on legitimate 
hardware (a member of the group may be a sysadmin at MIT for example). These 
topsites and groups are not even remotely affiliated with botnets (or at 
least weren't in 2002, which is when my experience dates to). The offenders 
identified (from Drink or Die, Razor1911, etc) wouldn't be caught dead 
touching a botnet, as it would do great damage to their reputation. 
Furthermore, these elite groups have very little use for clickthrough scams, 
distributed storage, or DoS attacks.

I feel like the authors are making a far too liberal attempt at connecting the 
dots on many issues. I am also slightly disappointed as it seems much of the 
book will be focused on general intrusion detection techniques, sandboxing, 
reporting etc and less on practical cases, motivation, CC methods, 
encryption and more technical aspects of the bot itself.

I will report my final thoughts when I complete the book.

Craig


On Sunday 08 July 2007 21:53, Thomas Raef wrote:
 Gadi,

 It's easier for people to just buy the book. I bought it about a month
 ago and have read it a few times already. Nice work!