Samuel Tarling wrote:
>> I don't see why you say "form such a group", this is usually one or
>> two individuals using bot nets.
>
> One would beg to ask what is more likely. I'm merely going on the
> assumption that it's a group of people because, to be honest, a botnet
> of this size would have more than one controller (unless people are
> amazingly stupid this time of year and downloaded a HELL of a lot of
> infected files :P).

You can be assured people are stupid. But quite a few botnet owners have been arrested, so we have some data, although I haven't seen any summary figures. Quite often they are lone individuals, rarely more than 3 people. Indeed I think it is easier to organise crime with loose networks of individuals. They might buy or download malware tools from other crooks, and mostly they are rented out for spamming.

I wouldn't think it would take a big network to take out Twitter. 20,000 PCs with a 256Kbps uplink each is a moderate sized botnet, and gives about 5Gbps of bandwidth to an attacker. Use DNS amplification, or some other protocol that allows amplification, and you can probably up that an order of magnitude. Which means 20,000 PCs could net you over a tenth of the peak traffic at the London Internet Exchange; that'll take out pretty much anything. Obviously DNS amplification is tedious and difficult to organise, but even 5Gbps is pretty damaging for most sites. Probably you wouldn't need anything like that to take out Twitter by brute force, let alone if they all do HTTP(S?) fetches of the largest object on twitter.com available for public download. We routinely see botnets of 5,000+ taking part in spam runs. Add in 46,000,000 Twitter users hitting reload because it didn't load....

> Saying that....it may well be the stupidity, I had to talk someone
> out of using IE 6 last week...

IE6 is still the most popular browser in China at the moment. Current example.

We have half a million Chinese surfers being sent to zy.com each week because some Chinese pay-per-click scammer mistyped a domain name! I assume this guy has done some sort of automated hack of Chinese websites, since there are a load of apparently unrelated websites having some portion of their traffic redirected to us. Now imagine the guy running this scam is offered money for getting adware onto those people's PCs. He is directing less than 1 in 3 surfers who visit these sites to our website (if I read his Javascript correctly). So he already has access to 1.5 million Chinese browsers a week. Most of these are IE6; ~50% at least will have a vulnerable Adobe Flash player. How hard is it going to be to buy or find a suitable exploit for the Adobe Flash vulnerabilities to install software of his choice? Say he has a 10% success rate with that; that is 150,000 owned machines a week! Okay, a lot of these are going to be the same browser each week, but still you can get a very big botnet very quickly if you find a website exploit (or borrow one) and automate it to grab traffic.

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html