nanog mailing list archives

Re: and here are some answers [was: Quarantine your infected users spreading malware]
From: Valdis.Kletnieks () vt edu
Date: Tue, 21 Feb 2006 01:41:58 -0500

On Mon, 20 Feb 2006 23:54:38 EST, Sean Donelan said:
> On the other hand, the number of infected computers never seems to spiral
> out of control. I've been wondering, instead of trying to figure out why
> some computers get infected, should we be trying to figure out why most
> computers don't become infected?

I've seen more than one estimate that most computers *are* infected by at least
one piece of malware/spyware/etc, (including numbers as high as 90%) and if the
site that was tracking 1M new zombies/day is to be believed, they *are*
spiraling out of control.

And when a significant fraction of all new computers are bought as a virus/worm
control method, things *are* out of control:


I suspect that in fact, a *lot* of computers have crud on them, but people's
expectations have dropped - as long as the virus doesn't actually kill the
host, it's tolerated.

If Aunt Matilda is avoiding all this stuff, the most likely reason that Aunt
Matilda doesn't get more crudware on her system is because she wouldn't be
caught dead visiting non-reputable websites that you're likely to get caught in
a drive-by fruiting - and none of her friends would either, so she never gets
her e-mail address scraped and used as a target...

But we already knew that, and there's no good way to leverage it when everybody
who *isn't* an Aunt Matilda *does* visit those kind of sites, or knows people
who do...
