Home page logo
/

nanog logo nanog mailing list archives

Re: and here are some answers [was: Quarantine your infected users spreading malware]
From: Gadi Evron <ge () linuxbox org>
Date: Tue, 21 Feb 2006 14:33:57 +0200


Simon Waters wrote:
I've seen 95% quoted - certainly my experience if you go looking for malware in recent Windows desktop machines using IE and Outlook it is pretty much a certainty you'll find it. Most of these tools I was using didn't detect the Sony Rootkit, or other malware, so this will always be an underestimate of the true extent of the problem, unless one uses fingerprinting and packet inspection as the tools of choice for malware detection.

This is very much a Windows only problem, it doesn't affect desktop users of other systems at all, possibly in part because they lack critical mass, but also because they have more sensible security models. Largely it is an Outlook and IE problem.


Hi Simon, this is indeed a Windows problem due to Microsoft being a mono-culture in our desktop world. Still, there are botnets constructed from other OS's as well. Also, C&C servers are mostly *nix machines.

        Gadi.


--
http://blogs.securiteam.com/

"Out of the box is where I live".
        -- Cara "Starbuck" Thrace, Battlestar Galactica.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault