nanog mailing list archives

Re: and here are some answers [was: Quarantine your infected users spreading malware]


From: Gadi Evron <ge () linuxbox org>
Date: Tue, 21 Feb 2006 14:33:57 +0200


Simon Waters wrote:
> I've seen 95% quoted - certainly my experience if you go looking for malware in recent Windows desktop machines using IE and Outlook it is pretty much a certainty you'll find it. Most of these tools I was using didn't detect the Sony Rootkit, or other malware, so this will always be an underestimate of the true extent of the problem, unless one uses fingerprinting and packet inspection as the tools of choice for malware detection.
>
> This is very much a Windows only problem, it doesn't affect desktop users of other systems at all, possibly in part because they lack critical mass, but also because they have more sensible security models. Largely it is an Outlook and IE problem.


Hi Simon, this is indeed a Windows problem due to Microsoft being a mono-culture in our desktop world. Still, there are botnets constructed from other OS's as well. Also, C&C servers are mostly *nix machines.

        Gadi.


--
http://blogs.securiteam.com/

"Out of the box is where I live".
        -- Cara "Starbuck" Thrace, Battlestar Galactica.

