Why Security Vendors are loosing
Why Security Vendors are loosing the Battle.
Q & A WITH Dancho Danchev and Thorsten Holz, researcher at Vienna University of Technology, whose team not only participated in the recent takedown of the Waledac botnet, but released an interesting paper earlier this year, summarizing their findings based on 33GB of crimeware data obtained from active campaigns......
Presumably an attacker can also use other methods to access a dropzone from another attacker: an attacker could exploit vulnerabilities in the dropzone’s web app (e.g., SQL injection, default passwords, open MySQL access etc.), something that we could not do as part of our research. There have been some reports about vulnerabilities in dropzone kits, and I am sure that one could find other ways to access a dropzone.
Dancho: With Zeus clearly reaching a monocultural stage within the cybercrime marketplace, a remote exploitable flaw within the kit’s web interface could trigger an effect often seen from a white hat’s perspective. In fact, there have been cases of cybercriminals hijacking one another’s Zeus botnets due to insecurely configured web servers.
Do you believe these are isolated incidents, or a logical development in the long term, which can contribute to the rise of underground turf wars?
Thorsten: I think that this is a logical development: If I would be an attacker, it would be way easier to simply exploit other dropzones than doing all the hard work on my own (buying the kit, hosting it, exploiting machines etc.). And with tools such as ZeuS Tracker I could also easily find other dropzones and perform my attack on a larger scale.
I'd like to make two points here.
#1 bot nets are subject to hijacking, and subversion.
#2 Researchers and Security Vendors do not have the legal where withall to
get a court order to penetrate bot nets; like the Police can get a legal writ to wire tap.
get a court order to penetrate bot nets; like the Police can get a legal writ to wire tap.
And the Police do not have the computer where withall to know how to penetrate
a bot net.
a bot net.
So the Bot Nets remain secure, and untouchable.
And the most effective methods to go after bot nets remain extra legal and unused.
while the bot nets rampage on the Internet.
while the bot nets rampage on the Internet.
There needs to be a marriage between the FBI and a core team of the
best hackers the Security Vendors have, to make the "wiretapping, extra legal"
methods available to bring down these bot nets. The FBI to provide legal cover
while the Security Vendors hack the bot nets and put in place their own
security back doors.
best hackers the Security Vendors have, to make the "wiretapping, extra legal"
methods available to bring down these bot nets. The FBI to provide legal cover
while the Security Vendors hack the bot nets and put in place their own
security back doors.
The bot nets could be subverted by others for destruction of crimeware families
or the WWW its self ( DHS secret level 4. )
or the WWW its self ( DHS secret level 4. )
Gerald
Anthropologist
Tactical Internet Systems analyst.
Labels: Why Security Vendors are loosing
posted by gerald at
3/21/2010 11:59:00 AM
READ MORE
READ OR SUBSCRIBE, Our WAR OSINT on Twitter
Tweet
0 Comments:
Post a Comment
Subscribe to Post Comments [Atom]
<< Home