Lessons in Botnets: The After-effects of ISP Takedowns
Alex Shipp, Symantec Hosted Services
Session ID: HT1-202
Session Classification: Advanced
AGENDA: Brief History of Spamming; ISP Takedowns; Botnet Evolution; What happens next?
A Brief History: How spammers have changed over time
Spam Volume History (MessageLabs Intelligence)
Spamming Circa 2002 - Work from home!
Spamming Circa 2002
What Changed?
Example Spammer Tool - SendSafe Mailer
Spam Laws (US)
2004 - The Game Changer
Where are we now?
A Massive Underground Spam Economy
ISP Takedowns: The effect of removing rogue ISPs
Intercage/Atrivo - 2008
Intercage shutdown – 08 Sept 2008
Ozdok/Mega-D
Intercage - the aftermath
McColo - the big bad ISP
McColo Visual Badware (Image courtesy of Washington Post: http://voices.washingtonpost.com/securityfix/2008/11/the_badness_that_was_mccolo.html)
What happened?
Graph of spams/sec on our spamtrap
Which Botnets?
Asprox
Gheg
Srizbi
Cutwail
Bobax
What happened next?
The McColo Effect
Pricewert/3FN
Cutwail
Cutwail Shutdown
Cutwail Shutdown - Recovery
The Current State of Botnets - end of 2009
The Current State of Botnets - end of 2009 (% of total spam)
Overall Effect of ISP Takedowns
Botnet Evolution: They just won’t die!
What can the bots do?
The Cutwail (Pricewert) Shutdown
Weak Encryption (Registered all these domains)
Forced Evolution
C&C Communication
Faster Delivery
What Happens Next? And how do we stop these nasties?
What happens next?
What we’ll see more of...
Supporting the current model
How can this be stopped?
Conclusions
How to apply this

RSA2010: Alex Shipp - Lessons in Botnets: The After-effects of ISP Takedowns


Editor's Notes

  1. The takedown of four major ISPs over the past year has offered deep insight into spamming behavior and the life expectancy of some of the most powerful botnets ever known. With the demise of Intercage, McColo, Pricewert and Real Host, spam levels dropped to some of the lowest levels ever seen, but then quickly rose again in varying capacities. What have we learned about botnets from these landmark events and how can we use this intelligence to better track and defeat them?
  2. e.g. registering domain names was expensive when it got into the tens of names.