[funsec] Finjan botnet story - fact or fiction?
Julio Canto
jcanto at hispasec.com
Thu Apr 23 03:25:15 CDT 2009
David Harley escribió:
>> ESet is detecting it
>> (http://www.eset.com/threat-center/blog/?p=995) but they
>> don't seem to think it's a big-deal botnet.
>
> I hope that doesn't come back to haunt us. :-/
FireEye published some comments about that same thing:
http://blog.fireeye.com/research/2009/04/hexzone-ransomware-and-finjan.html#more
"It is possible that the zombie count discussed in the Finjan article
includes zombies from multiple botnets instead of one. The idea that a
central management system is being used to control the complete
botnetweb instead of an individual bontnet looks more believable. A
large figure like 1.9 million zombies is also understandable when we
think in terms of a botnetweb. Otherwise (in my personal opinion) a
piece of malware like Hexzone which is known to rely mostly on social
engineering and passive attacks to spread may not be able to gain such a
size in a few months as Finjan illustrated."
--
Regards,
Julio Canto | VirusTotal.com | Hispasec Sistemas Lab | Tlf: +34.902.161.025
| Fax: +34.952.028.694 | PGP Key ID: EF618D2B | jcanto at hispasec.com
More information about the funsec
mailing list