[Dshield] Symantec: spam, phishing grow, botnets shrink in '04
Webmaster at Commerco.Net
Thu Mar 24 18:49:12 GMT 2005
Thank you for your observation. This seems the most reasonable explanation
Adding the "detected" word in your last sentence really made all the
difference for me. I cannot imagine the authors of all the destructive and
offensive drek that masquerades as or is contained as a payload in email
messages would ever wish to lose or harm their distribution
environment. That would seemingly defy logic and reason. Changing tactics
to protect discovery of their botnets by making them more stealthy and
thereby less detectable, on the other hand, makes complete sense.
Perhaps the Symantec report's conclusion as regards botnets fell into the
trap illustrated through this old joke - Statistics are like a bikini, what
they reveal is interesting, but what they can hide is critical.
WebMaster at Commerco.Net
The Commerce Company - Making Commerce Simple(sm)
At 12:49 PM 3/23/2005, you wrote:
>"Alan Maitland" <Webmaster at commerco.net> writes:
> > To me these rising and declining data points occurring together seem
> > somewhat counterintuitive. I am on page with Symantec as regards an
> > increase in spam and information theft schemes, but the other seems off to
> > me. What do you make of it?
>At this point, evidence seems to indicate the 'bot masters are now using
>lots of small 'bot nets instead of large ones. The reasoning is that if one
>net is uncovered, they only lose a small percentage of their total.
>It also makes detecting these nets much more difficult.
>One should take the Symantec report with a grain of salt. I believe
>the total number of PCs running 'bots and the number of 'bot nets continues
>to grow, but the number of 'bot nets actually detected is shinking.
>Bob Poortinga K9SQL
>Bloomington, Indiana US
More information about the list