[88838] in North American Network Operators' Group
Re: and here are some answers [was: Quarantine your infected users
daemon@ATHENA.MIT.EDU (Rob Thomas)
Tue Feb 21 01:22:45 2006
Date: Tue, 21 Feb 2006 00:21:47 -0600 (CST)
From: Rob Thomas <robt@cymru.com>
To: bmanning@vacation.karoshi.com
Cc: NANOG <nanog@merit.edu>
In-Reply-To: <20060221061031.GB7311@vacation.karoshi.com.>
Errors-To: owner-nanog@merit.edu

Hey, Bill.

The vast majority of what I see is based on financial gain.
Popping a web+database server, installing a rootkit, and
transferring off the day's business transactions is a lot more
certain than popping 10K Windows boxes and hoping the users go
shopping. Yep, seen it more than once. Check your PHP-based
tools, folks.

According to the criminals, Internet-wide mayhem would really
get in the way of the revenue stream. They need a stable
Internet to get the cash.

Cleaning out bank accounts is more lucrative than one might
suspect. The current record observed by us is approximately US
$3M in one take. Most of them are much smaller. That bothers
me more, actually. What person with only US $800 to their name
has a hope of rapid response to the loss of all their cash?

Just to be clear, I agree that home users using Windows are at
risk for all sorts of nasty things, and they need help. I also
didn't want folks to believe that it is a problem related to
one OS or demographic. It's a problem of crime, mostly.

Thanks,
Rob.
--
Rob Thomas
Team Cymru
http://www.cymru.com/
ASSERT(coffee != empty);