[74643] in North American Network Operators' Group
Re: short Botnet list and Cashing in on DoS
daemon@ATHENA.MIT.EDU (Gadi Evron)
Sat Oct 9 16:14:07 2004
Date: Sat, 09 Oct 2004 22:17:11 +0200
From: Gadi Evron <ge@linuxbox.org>
To: Mehmet Akcin <mehmet@akcin.net>
Cc: nanog@merit.edu
In-Reply-To: <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAH97GtpCKokie78mQhUIYe8KAAAAQAAAAr4Sj3Y4VI0mz/wGcjbqrfAEAAAAA@akcin.net>
Errors-To: owner-nanog-outgoing@merit.edu
From a recent email I gather this is very off-topic, so I will try to
be brief in my reply.
> (Geneva.CH.EU.*) since 3+ years. I can say from my experiences I couldn't
> make any kind of communication between botnets and spam. Most Trojan codes I
> have looked into doesn't have any command/action to make users send spam
> emails and such however they try infecting others by different ways that
> port 25 can't avoid.
Short answer:
Many of the infected systems have more Trojan horses installed than the
original infecting agent. Many Trojan horses have spam-sending or
relaying capabilities.. or even just anonymity capabilities or ID
theft/DDoS options. Thing is, there are always more options that can be
later installed.
As to you not seeing them.. I suppose it's as simple as you not seeing
enough of them.. count your blessings.
Gadi.
