Storm, Nugache lead dangerous new botnet barrage
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Sun Jan 13 04:28:27 PST 2008
Len Sassaman <rabbi at abditum.com> writes:
>I'm not sure that this *does* make it harder to disrupt the botnet, though,
>does it? Does anyone have example traffic dumps of these encrypted payloads?
>It should be possible to identify and block this traffic; it's going to
>follow some unique pattern.
It doesn't have much effect on passive blocking, but what it stops (or at
least makes a lot harder) is two things: Active attacks (penetration of botnet
servers by security people is a serious problem for the botherders, and I
assume competing botherders find this an easy target as well), and leeching of
botnet-collected data by others. It's mostly back to enterprise DRM again.
Peter.