[funsec] Finjan botnet story - fact or fiction?

Julio Canto jcanto at hispasec.com
Thu Apr 23 03:25:15 CDT 2009


David Harley wrote:
>> ESet is detecting it 
>> (http://www.eset.com/threat-center/blog/?p=995) but they 
>> don't seem to think it's a big-deal botnet.
> 
> I hope that doesn't come back to haunt us. :-/

FireEye published some comments about that same thing:

http://blog.fireeye.com/research/2009/04/hexzone-ransomware-and-finjan.html#more

"It is possible that the zombie count discussed in the Finjan article
includes zombies from multiple botnets instead of one. The idea that a
central management system is being used to control the complete
botnetweb instead of an individual botnet looks more believable.  A
large figure like 1.9 million zombies is also understandable when we
think in terms of a botnetweb.  Otherwise (in my personal opinion) a
piece of malware like Hexzone which is known to rely mostly on social
engineering and passive attacks to spread may not be able to gain such a
size in a few months as Finjan illustrated."


-- 
Regards,

Julio Canto | VirusTotal.com | Hispasec Sistemas Lab | Tlf: +34.902.161.025
| Fax: +34.952.028.694 | PGP Key ID: EF618D2B | jcanto at hispasec.com

