Lessons in Botnets: The After-effects of ISP Takedowns
Alex Shipp, Symantec Hosted Services
Session ID: HT1-202. Session Classification: Advanced
Agenda: Brief History of Spamming; ISP Takedowns; Botnet Evolution; What happens next?
A Brief History: How spammers have changed over time
Spam Volume History (MessageLabs Intelligence)
Spamming Circa 2002 - Work from home!
Spamming Circa 2002
What Changed?
Example Spammer Tool - SendSafe Mailer
Spam Laws (US)
2004 - The Game Changer
Where are we now?
A Massive Underground Spam Economy
ISP Takedowns: The effect of removing rogue ISPs
Intercage/Atrivo - 2008
Intercage shutdown – 08 Sept 2008
Ozdok/Mega-D
Intercage - the aftermath
McColo - the big bad ISP
McColo Visual Badware (image courtesy of Washington Post: http://voices.washingtonpost.com/securityfix/2008/11/the_badness_that_was_mccolo.html)
What happened?
Graph of spams/sec on our spamtrap
Which Botnets?
Asprox
Gheg
Srizbi
Cutwail
Bobax
What happened next?
The McColo Effect
Pricewert/3FN
Cutwail
Cutwail Shutdown
Cutwail Shutdown - Recovery
The Current State of Botnets - end of 2009
The Current State of Botnets - end of 2009 (% of total spam)
Overall Effect of ISP Takedowns
Botnet Evolution: They just won’t die!
What can the bots do?
The Cutwail (Pricewert) Shutdown
Weak Encryption. Registered all these domains
Forced Evolution
C&C Communication
Faster Delivery
What Happens Next? And how do we stop these nasties?
What happens next?
What we’ll see more of...
Supporting the current model
How can this be stopped?
Conclusions
How to apply this

RSA2010: Alex Shipp - Lessons in Botnets: The After-effects of ISP Takedowns


Editor's Notes

  1. The takedown of four major ISPs over the past year has offered deep insight into spamming behavior and the life expectancy of some of the most powerful botnets ever known. With the demise of Intercage, McColo, Pricewert and Real Host, spam levels dropped to some of the lowest levels ever seen, but then quickly rose again in varying capacities. What have we learned about botnets from these landmark events and how can we use this intelligence to better track and defeat them?
  2. e.g. registering domain names was expensive when it got into the tens of names.