funsec mailing list archives

RE: Webroot Uncovers Thousands of Stolen Identities


From: "Fergie" <fergdawg () netzero net>
Date: Wed, 10 May 2006 01:00:16 GMT

I agree with you (or at least, I am definitely skeptical of
the numbers for sure).

But there sure are a lot of people being fleeced. :-/

- ferg

p.s. I had a rather lengthy response all ready to send, but trimmed
it down considerably. :-)


-- Alex Eckelberry <AlexE () sunbelt-software com> wrote:

I see crap all day, like the rest of you, and I just don't see the
numbers being that astronomical.  There's plenty of machines infected,
plenty of zombies, botnets, etc. but is it really higher than even 5% of
the total computing population?  I mean, that's a HUGE friggin number. 

Alex

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org]
On Behalf Of Fergie
Sent: Tuesday, May 09, 2006 8:32 PM
To: Valdis.Kletnieks () vt edu
Cc: funsec () linuxbox org; privacy () whitestar linuxbox org
Subject: Re: [funsec] Webroot Uncovers Thousands of Stolen Identities


Well, I _do_ have a #4 and it is probably a mash-up of
all three that you outlined.

4) Indeed, 87% probably _is_ highly over-estimated (perhaps for
marketing impact, but that doesn't really matter), but I do believe that
it is higher than 40%-50%.

Remember -- we're talking consumer PC's hanging off of NTL, Bulldog,
Comcast, SBC/AT&T, whatever.

The reason I say this is pretty darned simple -- people are
too fucking reliant on virus scanners/disinfectors once they have been
had (compromised) to magically fix their problems.

I believe a _very_low_percentage_ of once-infected hosts ever bother to
re-image their machines once they have "cleaned" their systems, and this
is why I believe numbers lie.

Once a machine is pwn3d, even if they "clean" the offensive, infected
suspect files off of their computer -- it is still too late. If a machine
is not re-imaged, there is a high likelihood that the host now has been
fitted with a trojan-downloader backdoor, which is used to _____________.

Of course, I have no solid evidence to back my number theory, but I do
have solid first-hand experience in a ~10,000 enterprise network which
has (and probably still does) experience this phenomenon.

I could go on... :-)

Your thoughts?

- ferg

-- Valdis.Kletnieks () vt edu writes:

On Tue, 09 May 2006 23:37:44 -0000, Fergie said:
Personally, I think we *are* seeing it. Deluges of it.

Every day, week, month, etc, ad nauseam.

Do a back-of-envelope.  600 *million* computers.  Call it half a billion
with spyware.

We're seeing hundreds and thousands of hits per day.  100,000 is all of
0.02% of half a billion.

Even if they took 1% for a ride, that would be 5 million cases of fraud.

One of 3 possibilities:

1) That 87% is waaaay over the top, and 8% is more reasonable.  I don't
buy this for a moment.

2) The spyware community is either inept, or even 1% is enough to make
them all rich enough to not work harder, or the bottleneck is elsewhere
- cashout or similar issues.

3) The spyware community is very cognizant of *exactly* how much fraud
the credit card companies will tolerate, and are good at flying under
the wire....

Take your pick, or suggest a #4.


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg () netzero net or fergdawg () sbcglobal net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

