
Monday, May 25, 2009

Conficker defense paradigm flawed
By Gerald: Internet Anthropologist Think Tank.
05.25.09

The anti-Conficker team is losing the battle.
They have been beaten at every turn.

There are 10 million zombies in this botnet,
and the anti-Conficker group knows they are
out there but has not been able to penetrate
the C2 structure.

The best Internet security minds in the world,
the FBI, Kaspersky, Symantec, Microsoft,
the Internet Corporation for Assigned
Names and Numbers (ICANN), and others,
are unable to take Conficker offline or
take control of the botnet.

"The application layer has typically been 
used as the attack vector, but we are 
beginning to see the DNS resolution used 
as the command and control," said Twomey
of ICANN.
 
The White Hats are not as good as the 
Black hats.

Our paradigm intel indicates Conficker
is an inside job, the joint operation of
a well-placed White hat working with
a genius Black hat.

And Microsoft is the enabler for
Conficker bots.

Microsoft's profit paradigm denies
security updates to illegal copies of the
OS.
Microsoft's policy of denying security
updates to illegal copies of its OS allows
Conficker to survive and live.

ICANN's Twomey insisted the group's efforts 
against Conficker proved that key internet 
players, such as Top Level Domain registrants, 
are capable of coordinating a response to 
such threats.

Yes, they have managed to coordinate a
response, they can work together,
but they have been slow, and Conficker
has always been one step ahead of them.

In a real emergency the anti-Conficker
group would be sluggish and unresponsive
on a real-time basis.

So far Conficker's motives have been remarkably
non-violent. This provides a very lucky opportunity
for the security community to work out a formal
response method and group.

So far their efforts have been on an ad hoc basis.

The WWW is vulnerable to a cyber Pearl Harbor
attack that could turn the WWW off for days or weeks,
maybe much longer.

I hope this ad hoc committee leads to a formalized
group to protect the WWW.

The committee had broken part of the Conficker algorithm
and obtained a listing of a few thousand URLs it was going to
check for instructions, and blocked them.
Then Conficker changed its algorithm to check several
hundred thousand URLs.

And it found several 'go arounds' for the committee's 
efforts to stop it.
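The pre-computation defense described above, as an added example that is not from the post or from the Conficker working group: a constructed, date-seeded toy generator (not Conficker's real algorithm, which the post does not reproduce) lets a defender compute the day's candidate domains ahead of time, block them, and flag resolver log lines that query them. The log format, seed and sample names are assumptions for the demonstration; the per-day counts only echo the post's "few thousand" versus "several hundred thousand".

```python
import hashlib
from datetime import date, timedelta

# Constructed toy generator, NOT Conficker's real algorithm. It models only the
# property the committee relied on: the candidate domains depend solely on the
# calendar day, so a defender who has reversed the function can list tomorrow's today.
TLDS = ("com", "net", "org", "info", "biz")

def gen_domains(day, count, seed=b"toy-seed"):
    """Return the `count` rendezvous domains a bot would try on `day`."""
    out = []
    for i in range(count):
        h = hashlib.sha256(seed + day.isoformat().encode()
                           + i.to_bytes(4, "big")).hexdigest()
        label = "".join(chr(ord("a") + int(h[j:j + 2], 16) % 26)
                        for j in range(0, 16, 2))
        out.append(f"{label}.{TLDS[int(h[16:18], 16) % len(TLDS)]}")
    return out

def blocklist(start, days, count):
    """Pre-compute every domain the bots would try over `days` days."""
    names = set()
    for d in range(days):
        names.update(gen_domains(start + timedelta(days=d), count))
    return names

def flag_queries(log_lines, names):
    """Return (client, qname) for resolver log lines that hit the precomputed set."""
    hits = []
    for line in log_lines:
        parts = line.split()  # assumed format: "<timestamp> <client> <qname>."
        if len(parts) >= 3:
            qname = parts[2].lower().rstrip(".")
            if qname in names:
                hits.append((parts[1], qname))
    return hits

DAY = date(2009, 5, 25)
# Constructed sample resolver log; two clients query generated names.
SAMPLE_LOG = [
    f"2009-05-25T08:01:02 10.0.0.5 {gen_domains(DAY, 10)[3]}.",
    "2009-05-25T08:01:03 10.0.0.6 www.example.com.",
    f"2009-05-25T08:01:04 10.0.0.7 {gen_domains(DAY, 10)[7]}.",
]

if __name__ == "__main__":
    few_thousand = blocklist(DAY, 1, 3000)              # roughly what the committee blocked
    hundreds_of_thousands = blocklist(DAY, 1, 300000)   # after the algorithm changed
    print(len(few_thousand), "vs", len(hundreds_of_thousands), "names to block per day")
    print("flagged:", flag_queries(SAMPLE_LOG, few_thousand))
```

The second count is the practical point: registering or blocking a few thousand names a day is feasible for a coordinated group, while several hundred thousand a day is not, which is why the algorithm change left the committee behind.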

Now the botnet and other cyber criminals are joining
forces to combat the committee and expanding the
methods of its criminal enterprise.

And the committee seems powerless to stop them.

There are solutions, way outside the box.
But the Internet Security Vendors continue to play
second place to these Internet Black hats, with
ineffective security programs and lack of a unified
response to hacking, security problems and Internet
safety.


It wasn't the first time a botnet operator has attempted to compromise DNS servers to magnify its capacity to add to its army.

At an ICANN conference held in Mexico in March this year, Rod Rasmussen, chief technology officer of phishing take-down firm Internet Identity, showed evidence of a recent nine-hour attack on CheckFree, an online bill payment provider to 22 US financial institutions, which resulted in a two-day shut down of affected online services and an estimated 10,000 infections over 48 hours.

"Somebody came in and took over the CheckFree's domain name portfolio at their registrar. They changed the DNS servers for those domains and pointed [...] basically every host name that would resolve under their domain names to a malware server that was in the Ukraine. Anybody who tried to go to CheckFree.com or any of their other domain names were redirected, instead, to a malware server and were exposed to getting malware download on their computer," Rasmussen said.

In a similar vein to the attack on CheckFree, hackers targeted MelbourneIT's New Zealand subsidiary, Domainz. The hackers, who appeared to be politically motivated, defaced Coca-Cola, Microsoft, Xerox and F-Secure's websites by injecting name server records for the domains in question by compromising Domainz' infrastructure. It didn't knock out critical national infrastructure, but it was able to take down several large companies' websites for a few days.

Kaspersky says, "It's a major example of their internet weapon, because the bad guys can use a botnet this size, not just for commercial interests, but other interest also."

Quotes: excerpted from SOURCE: 

It's just a matter of time, and the committee needs to use
this time to obtain funding, organize and formalize a response
method, and fundamentally change its paradigm, before the
WWW is held ransom.


Gerald
Tactical Internet Systems analyst.



Could the attack on FBI computers be related to Conficker?

NSA not on Conficker team:
Internet Anthropologist Think Tank: NSA director: Securing U.S. ...


1 comment:

  1. Anonymous 11:26 PM

    losing is spelled "losing", not loosing.