[88845] in North American Network Operators' Group
Re: and here are some answers [was: Quarantine your infected users
daemon@ATHENA.MIT.EDU (Gadi Evron)
Tue Feb 21 07:36:41 2006
Date: Tue, 21 Feb 2006 14:33:57 +0200
From: Gadi Evron <ge@linuxbox.org>
To: Simon Waters <simonw@zynet.net>
Cc: NANOG <nanog@merit.edu>
In-Reply-To: <200602210925.39350.simonw@zynet.net>
Errors-To: owner-nanog@merit.edu
Simon Waters wrote:
> I've seen 95% quoted - certainly my experience if you go looking for malware
> in recent Windows desktop machines using IE and Outlook it is pretty much a
> certainty you'll find it. Most of these tools I was using didn't detect the
> Sony Rootkit, or other malware, so this will always be an underestimate of
> the true extent of the problem, unless one uses fingerprinting and packet
> inspection as the tools of choice for malware detection.
>
> This is very much a Windows-only problem; it doesn't affect desktop users of
> other systems at all, possibly in part because they lack critical mass, but
> also because they have more sensible security models. Largely it is an
> Outlook and IE problem.
>
Hi Simon, this is indeed a Windows problem due to Microsoft being a
monoculture in our desktop world. Still, there are botnets constructed
from other OSes as well. Also, C&C servers are mostly *nix machines.
Gadi.
--
http://blogs.securiteam.com/
"Out of the box is where I live".
-- Cara "Starbuck" Thrace, Battlestar Galactica.