RE: Storm, Nugache lead dangerous new botnet barrage

Someone want to explain this? Does Storm exchange keys on behalf of the infected hosts? Why encrypt the traffic? -TD

Date: Wed, 2 Jan 2008 18:46:37 +0100 From: eugen@leitl.org To: cypherpunks@al-qaeda.net; info@postbiota.org Subject: Re: Storm, Nugache lead dangerous new botnet barrage

----- Forwarded message from Brandon Enright <bmenrigh@ucsd.edu> -----

From: Brandon Enright <bmenrigh@ucsd.edu> Date: Tue, 1 Jan 2008 02:02:24 +0000 To: cryptography@metzdowd.com Cc: bmenrigh@ucsd.edu Subject: Re: Storm, Nugache lead dangerous new botnet barrage Organization: UCSD ACS/Network Operations X-Mailer: Claws Mail 3.2.0 (GTK+ 2.12.1; i686-pc-linux-gnu)

On Fri, 28 Dec 2007 09:06:44 -0800 or thereabouts "' =JeffH '" <Jeff.Hodges@KingsMountain.com> wrote:

...

Storm, Nugache lead dangerous new botnet barrage By Dennis Fisher, Executive Editor 19 Dec 2007 | SearchSecurity.com

<http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci12868 08

...

,00.html?track=NL-358&ad=614777&asrc=EM_NLN_2785475&uid=1408222>

...snip...

Storm made a pretty significant comeback this week:

http://noh.ucsd.edu/~bmenrigh/stormdrain/stormdrain.enctotal_encactive.html

Note that those graphs are *only* from the peers that speak encrypted Overnet. If you include all the legacy Storm bots out there that still speak the unencrypted variant Storm is getting back up to its heyday size.

Brandon

--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com

----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

_________________________________________________________________ Watch Cause Effect, a show about real people making a real difference. http://im.live.com/Messenger/IM/MTV/?source=text_watchcause