[Dshield] Symantec: spam, phishing grow, botnets shrink in '04

Commerco WebMaster Webmaster at Commerco.Net
Thu Mar 24 18:49:12 GMT 2005


Thank you for your observation.  This seems the most reasonable explanation 
so far.

Adding the "detected" word in your last sentence really made all the 
difference for me.  I cannot imagine the authors of all the destructive and 
offensive drek that masquerades as or is contained as a payload in email 
messages would ever wish to lose or harm their distribution 
environment.  That would seemingly defy logic and reason.  Changing tactics 
to protect discovery of their botnets by making them more stealthy and 
thereby less detectable, on the other hand, makes complete sense.

Perhaps the Symantec report's conclusion as regards botnets fell into the 
trap illustrated through this old joke - Statistics are like a bikini, what 
they reveal is interesting, but what they can hide is critical.


Alan Maitland
WebMaster at Commerco.Net
The Commerce Company - Making Commerce Simple(sm)

At 12:49 PM 3/23/2005, you wrote:
>"Alan Maitland" <Webmaster at commerco.net> writes:
> > To me these rising and declining data points occurring together seem
> > somewhat counterintuitive.  I am on page with Symantec as regards an
> > increase in spam and information theft schemes, but the other seems off to
> > me.  What do you make of it?
>At this point, evidence seems to indicate the 'bot masters are now using
>lots of small 'bot nets instead of large ones.  The reasoning is that if one
>net is uncovered, they only lose a small percentage of their total.
>It also makes detecting these nets much more difficult.
>One should take the Symantec report with a grain of salt.  I believe
>the total number of PCs running 'bots and the number of 'bot nets continues
>to grow, but the number of 'bot nets actually detected is shinking.
>Bob Poortinga  K9SQL
>Bloomington, Indiana  US

More information about the list mailing list