18 hours on we havent had a meltdown

Social Networking
Tags

Annoyances Apache ASN BibTex blog Books conferences Dapper DNS exploit FireFox 3 firewall FreeBSD Google Hacking Hardy Hilbert Curve InetVis Internet JabRef Linux LyX Malware Networking Network Telescope PhD research RFC Security Security Tools spam Squid Tenet Ubuntu Uncategorized Unix Upgrade uptime VizSec Vizualization web 2.0 Windows wordpress x509 XP
Bookshelf
Planned books:
- Hacking Exposed Wireless (Hacking Exposed) by Johnny Cache
- Applied Security Visualization by Raffael Marty
- Real Digital Forensics by Keith J./ Bejtlich, Richard/ Rose, Curtis W. Jones
- Visual Data Mining: Techniques and Tools for Data Visualization and Mining by Tom Soukup
Current books:
- Pro DNS and BIND by Ron Aitchison
- A Handbook of Statistical Analyses Using R by Brian S. Everitt
- Applied Regression Including Computing and Graphics (Wiley Series in Probability and Statistics) by R. Dennis Cook
Recent books:
- Security Metrics: Replacing Fear, Uncertainty, and Doubt by Andrew Jaquith
- Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems by Chris Sanders
- Apache: Inside the Cockpit of the World’s Most Deadly Fighting Machine by Ed Macy
- Forensics by Zakaria Erzinclioglu
- Virtual Honeypots: From Botnet Tracking to Intrusion Detection by Niels Provos
View full Library
Recent Infosec Bookmarks
Count per Day
- 26432Total visitors:
← RIP LT box Cleaning up… →

18 hours on we havent had a meltdown

April 1st, 2009 · No Comments
Eighteen hours into the much hyped first days of Confickers new update cycle (started at 00h00 local time on the 1st of April), and surprisingly the Internet has not melted down. Masses of FUD have been spread, and probably a LOT of AV product has been sold. What has been a positive spinoff of this is that awareness has been created among the general public. What has snot been so positive is that people getting they information form the popular press have no way of actually stripping out the facts.

During a break after I presented a talk on Cyber warfare last night, I had a number of questions relating to the proported meltdown today -
- “Should we keep our machines off?”
- “How do we stop this?”
- “How do I stop getting infected?”
- “What antivirus must we buy?”
Here in deepest darkest africa, we have two unintended benefits that come form the general means of network engineering done here. Both stem in reality from the paucity of real bandwidth currently (and historically available). The first is that most organisations block direct port 80/tcp (http) and related port access to the Internet, forcing the requirements to use proxy servers. This cuts off confickers ability to update. In the resedential SOHO market, theoreticlaly direct end to end port 80 access is possible , but more often than not there is a transparent proxy in the way. I doubt ISPs are doing any domain filtering on these however. What works as a means of self limitation is that fact that should any massive wave of attacks spring forth from the SOHO /Residential type users, it will be cut short as they rappidly burn though their “bandwidth cap” – in most cases 1-3 Gig.

What is interesting is what the actual next move will be. I think its highly unlikley that this will be used for an all-out offensive and then disposed of. The authors have carefully engineered through four releases of the Hybridised Malware, and in essence have made a fairly substantial investment. The most likely scenario is that tis is yet another botnet for sale – albeit a potentially massive one.

Botnets themselves are nothign new, we have seen what Storm has done ( and is still doing).

For now we bunker down and wait…..
Tags: Uncategorized
0 responses so far ↓
- There are no comments yet...Kick things off by filling out the form below.
Leave a Comment

Name

Mail

Website
- Popular Posts
- Twitter: barryirwin
  
  Into the final session at #satnac. Suffering a bit of gastronomic overload :-) 11:22:41 AM September 08, 2010 from web
  
  Talk done for #satnac now I can relax and enjoy the other research presentations 12:31:28 PM September 07, 2010 from web
  
  trying to discuss #cuda architecture stuff with minion in prep for talk at #satnac - lack of coffee is making my head hurt. Oh no a Sigma.. 12:31:26 PM September 06, 2010 from web
  
  Again Africa premier telecoms conf and no free wifi #satnac 08:53:23 AM September 06, 2010 from Twitter for BlackBerry®
- Visitors
- Disclaimer
  
  This blog and its contents are in no way affiliated with, or endorsed by my employer
- Blogroll
- SecurityFocus News
- Tip of the Day
- Top Malware via clamav
© 2006–2007 Static in the Ether — Sitemap — Cutline by Chris Pearson

Static in the Ether

Unix, Information Security & Systems Administration

Social Networking

Tags

Bookshelf

Planned books:

Current books:

Recent books:

Recent Infosec Bookmarks

Count per Day

18 hours on we havent had a meltdown

April 1st, 2009 · No Comments

0 responses so far ↓

Leave a Comment

Popular Posts

Twitter: barryirwin

Visitors

Disclaimer

Blogroll

SecurityFocus News

Tip of the Day

Top Malware via clamav