fyi: Storm Worm botnet numbers, via Microsoft

Brandon Enright bmenrigh at ucsd.edu
Tue Oct 23 17:41:53 EDT 2007


On Mon, 22 Oct 2007 17:55:39 -0700 plus or minus some time ' =JeffH '
<Jeff.Hodges at KingsMountain.com> wrote:
...snip...
> > I will be presenting /some/ of this work at Toorcon in San Diego this
> > Saturday:  
>   
> > http://www.toorcon.org/2007/event.php?id=38  
> 
> excellent, how'd it go? Anyone else present on Storm?  

Things went pretty smoothly.  Storm is a complicated and evolving beast so a
50-minute talk can't really go into the depth that is needed to really
understand how it works.  There weren't any other presentations at Toorcon
but it's a pretty hot topic so there should be more talks and papers coming
out from various researchers in the coming weeks and months.

It seems like whenever anyone says anything about Storm, the story gets
picked up by some news service and makes its way to Slashdot.

>   
> > The presentation is not academic paper quality and takes more of a
> > code-monkey approach to the network.  Real (sane and substantiated)
> > numbers, stats, and graphs will be presented.  To the best of my
> > knowledge, it will be the first publicly released estimates of the size
> > of the network with actual supporting data and evidence.   
> 
> are your slides now available?  

They are:
http://noh.ucsd.edu/~bmenrigh/exposing_storm.ppt

The link to the historical trends of the network is here:
http://noh.ucsd.edu/~bmenrigh/storm_data.tar.bz2

It can be very hard to track the size of a botnet, even in the case of
Storm where I'm crawling the network.  Technologies like NAT can
significantly complicate things.

See
http://www.usenix.org/events/hotbots07/tech/full_papers/rajab/rajab_html/
for a discussion on tracking the size of botnets.

> 
> =JeffH
>   

My slides should provide adequate detail for someone to understand how to
interpret the graphs and data.  For specific questions, feel free to email
me directly.

Brandon


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


