The EU agency for Internet security Enisa has published a report on botnets. His title is “botnets: 10 Tough Questions.” The Authority expresses doubts among other things, that the size of a botnet is directly related to the security risk posed by him. The number of affected units will probably hyped effect of reasons.
“Numbers say nothing at all,” said Giles Hogben, ENISA botnet expert, compared to ZDNet UK. “Even a botnet consisting of 1000 machines, can cause great damage.” Therefore need to focus on other aspects.
The numbers involved in computer botnets would be imputed on the basis of random samples, it is said in the report (PDF). At the same time there but no explanations of how these estimates come about.
“Commonly used projections of botnet size, which also attracted the attention of the media have acquired, move on Conficker between seven and nine million affected computers, Mariposa is more than 13 million infected machines have covers, and up to 30 million computers are likely part of the Bredolab been his botnet, “the authors write. “Large numbers imply great dangers -. And so much attention There is significant potential to overestimate the amount of bots.”
Methods as the counting of IP addresses of infected traffic, according to Enisa can not give information about the size of a botnet. For example, the University of California have in an investigation of the botnet Torpig different numbers (PDF) will receive: An analysis of individual IP addresses supplied accordingly hosts 1.2 million – while the analysis of a single bot Identifier showed only 180,000 zombie computers.
Although media had in this case actually hawked the 180,000 infected devices, but organizations may be interested in publishing high estimates in order to attract investors, said Hogben. “You have two equally unbelegbare numbers, but you choose the larger, because it meets your goals.” Attention from the media is one point, another political goals. “Or conceal the fact that not one’s own security defense was particularly effective. ‘My guardian has failed against a horde of 30 million zombie PCs’ does not sound as bad as ‘My site was dismantled by 30 computers’.”
Enisa The report also included recommendations to European legislators. For example, consider that there a so-called “good Samaritan law” makes sense. The aim is to exclude the liability of hackers, if they act in good faith against botnets. It must however be taken to vigilante justice to stop the Internet.
HIGHLIGHT Android malware: real danger or hype?
Antivirus vendors warn against pests in the Android Market and offer fee-based protection. ZDNet explains why there are virtually no malware for the Google OS, and a virus protection is not needed. »Read more …
