[PCBSD-malaysia] Fwd: [Public Shadowserver] Where are the "other" Botnets

Muhammad Najmi Ahmad Zabidi najmi.zabidi at gmail.com
Wed Apr 7 18:29:05 PDT 2010

Just for your thought

---------- Forwarded message ----------
From: Robert Lock <rloc at capeautomation.co.za>
Date: Thu, Apr 8, 2010 at 6:53 AM
Subject: [Public Shadowserver] Where are the "other" Botnets
To: public at mail.shadowserver.org

Hi all, as an interested layman (and NOT a wannabe security expert), I
am surprised at the demographics of Botnet and general Malware.

Some observations:

1. Almost all information concerning such nasty stuff seems to emanate
from the US and Canada with a small scattering of analyses from
Europe. Perhaps not surprising since most AV vendors are resident in
those parts of the world?

2. The terms “Cyberwar” and “WWW Conflict zone” among others are being
increasingly used to describe a state of low level international
sparring, but with the caveat that this state may escalate into much
more serious levels of real conflict which could result in a shut down
of a power generating utility for example. A runaway nuclear plant or
the disabling of a stock exchange or two ranks a little higher on the
“Oh Shit” factor.

3. There seems to be inordinate focus on what is currently newsworthy
such as the “ghostnet” exposure and the newer “shadow” exploit.

So some questions…

Despite trawling the www, newsgroups etc, I have found relatively few
sources of (broadly speaking), Internet security / analysis sites
outside of the US and Canada. Are they in fact less common or am I
just an inept searcher? If they ARE less common, is this purely a
result of financial muscle on the part of the US based vendors and
research groups or is there some other reason that escapes me?

Given the high amplitude of the Cyberwar threat, I have to ask some
questions about the politics of these activities.

If I summarise the information I have found recently (last 12 months
or so), about major politically or crime based intrusions / Botnets /
Trojans / etc it would seem that the entire world is at siege from the
Sichuan Province in China with a few lesser entities hanging on to its
digital coattails. I am perhaps naively excluding incidents of rampant
stupidity where a memory stick with pension data is left on a counter
top in a shop in London…

Is this apparently one-sided situation really the case?

Is the “West” in some kind of digital bunker where the likes of
Glacier and Sunwear strut their stuff outside the walls looking for
small imperfections in the brickwork to bring the entire wall down?

Back to my heading of this mail –

Given the immense financial resources of the US and the EU as well as
good old OZ and NZ, where are the counter Botnets and rogue sniffing /
interception networks set up by these so called “good guys”? Aren’t
these countries supposed to host the Echelon and Carnivore all
encompassing watchdogs of every digital activity their citizens choose
to exercise? I live in South Africa btw so I am assuming certain facts
which may not be true. Basic warfare techniques dictate that you don’t
show your hand, so I fully understand why any US based security
company would not publish such lavish data against its own kind such
as exposing the US equivalent of Ghostnet for example, but the total
press absence of the existence of any such counter surveillance bodies
prompts my question.

Is there any activity on the part of the West in the broadest sense of
the word, to engage in active techniques of interception and
encouraging of involuntary information leakage etc?

I am led to believe the NSA has been allocated a supernatural sum of
money to be dedicated to information warfare but much of their efforts
seem to be either directed inwards towards excessive surveillance of
their own people or simply misdirected toward “Star Wars” projects
which don’t seem to have much sense of reality. Is this a reasonable

Given the potential magnitude of cybercrime as evidenced in the
Ghostnet and Shadow analyses, I would think that aggressive counter
surveillance and compromising of strategic assets would have been a
top priority for the Western Governments but there seems to be nothing
happening on that front. Where is the “Western” equivalent of
Ghostnet? Why are almost all major cybercrime events reported to be
of Chinese origin against Western entities? Can it be that the mighty
Western Bloc is passive in this onslaught or don’t we know what to do?

I sense that a disinformation campaign may be at work here. WW 2 radio
reports were highly selective of the content of their air time and I
suspect that we have a similar situation in the trenches of our newest
and most ephemeral battlefield which is the space between the
mouseclick and the entire world. Is there really nothing going on from
the West? If I were fluent in Mandarin, Hindi, Tamil or Russian
dialects, would I be asking this question or looking at Cyrillic
websites in a vain attempt to harden my PC against the latest NSA
Trojan or the newest version of the Obama Botnet?

Some of this was tongue in cheek but only some – comments and
responses would be welcome.

