Malware "best practices"
Ben Scott
dragonhawk at gmail.com
Wed Jul 26 21:34:00 EDT 2006
On 7/26/06, Chris Brenton <cbrenton at chrisbrenton.org> wrote:
>> I wish. Recall that SQL Slammer hit in 2003, and severely impacted
>> the whole Internet.
>
> Agreed, but the cost was distributed. I think you would be hard pressed
> to find anyone that went out of business solely because of Slammer.
I see your point. It's generally not fatal. Of course, while the
cost can be managed on an individual basis, the aggregate cost is
still staggering. Symantec, CA, NAI, Cisco, et al., make brazilians
selling defenses against this stuff, and the whole IT world loses
more dealing with it all. Survival beats the alternative, but the
costs still suck.
> So the old AV model was to mass infect as many people as possible and
> brag to your friends. Sure we are still seeing that today, but it's
> mostly kiddies with more ego than skills.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
That part is not new, either. ;-)
> This is also going on in industry but it's kept pretty quiet.
I guess so. I was especially interested in possible stats on
significant increases in such attacks. I get all sorts of news
bulletins, but it's hard to tell the fearmongering from legit
concerns. There's also the question as to the level at which things
are happening. I mean, I'm not surprised to find government agencies
being targeted by such attacks, but larger adoption in the private
sector is... very interesting indeed.
>> That is like just a reflection of overall deployment percentages.
>> If we're talking targeted attacks, there is certainly nothing
>> preventing anyone from targeting nix.
>
> I have a theory on this... A majority (not all) of the folks running
> Linux have a clue about what goes on under the hood ...
Agreed, completely. I reached the same conclusions myself, and I
know others did before me. Linux (and even Mac, to some extent) has a
couple of advantages which stem not from the software, but the
situation:
(1) A smaller total installed base. All other things being equal,
attackers generally go after the bigger targets.
(2) A higher barrier to entry (regardless of cause) means the
average competency level is higher. There's a lot more stupid Windows
lusers than stupid Linux lusers.
If Linux (or Mac) starts to win serious overall installed base (I'm
talking > 50% here), I strongly suspect we'll see much of the same on
Linux.
Back in the days of the Lion worm, several clueless Linux operators
I know were hit, bad, because patching was just something they didn't
know or bother about.
-- Ben
More information about the gnhlug-discuss mailing list