[ISN] USENIX LEET 2008 workshop raises questions about Storm botnet size

From: InfoSec News (alerts@private)
Date: Thu Apr 17 2008 - 01:29:36 PDT


Forwarded from: Kristian Erik Hermansen <kristian.hermansen (at) gmail.com>

I was one of about 75 people to attend the highly academic conference 
put on by USENIX and sponsored by Google this Tuesday in San Francisco.  
Large-Scale Exploits and Emergent Threats was a gathering of mostly 
security researchers interested in the future of malware. During most of 
the talks, researchers focused on analysis and information gained from 
penetrating the Storm botnet.  By the end of the day, it became clear to 
nearly everyone in the room that the size of Storm could be drastically 
over-estimated due to the data injection techniques being used against 
the worm by researchers at UC San Diego and other Universities.  At one 
point, Niels Provos even yelped out and lightly lambasted Thorsten Holz 
for intrusive analysis that undoubtedly caused falsified data to be 
propagated, which ultimately resulted in exaggerated media reports.  
Chris Kanich of UC San Diego did offer evidence that the lower bound 
must be approximately 200,000 infected hosts.  See the link below for 
access to the papers.  I am also told that an MP3 audio recording will 
be available in the near future to LEET attendees.

http://www.usenix.org/events/leet08/tech/
--
Kristian Erik Hermansen
--
"Clever ones don't want the future told. They make it."


-==-
Let identityLoveSock take your personal information into 
their wanting hands. http://www.identity-love-sock.com/ 
Because victims have money too. 



This archive was generated by hypermail 2.1.3 : Thu Apr 17 2008 - 01:47:40 PDT