Wednesday, March 24, 2010

FW: [NewsBank] The Biggest Cloud Providers Are Botnets


-------------------------------------------
From: Paul Ferguson (RD-US)
Sent: Thursday, March 25, 2010 11:45:42 AM
To: Ivan Macalintal (RD-US)
Cc: Newsbank
Subject: RE: [NewsBank] The Biggest Cloud Providers Are Botnets
Auto forwarded by a Rule


Yep, the Bad Guys ™ understood the “power of the cloud” long before anyone else.

 

-ferg

 

--

"Fergie", a.k.a. Paul Ferguson

 Threat Research,

 CoreTech Engineering

 Trend Micro, Inc., Cupertino, California USA

 

From: Ivan Macalintal (RD-US)
Sent: Wednesday, March 24, 2010 8:43 PM
To: Newsbank
Subject: [NewsBank] The Biggest Cloud Providers Are Botnets

 

The Biggest Cloud Providers Are Botnets

 

Posted by CmdrTaco on Tuesday March 23, @09:35AM

from the resistance-is-futile dept.

http://it.slashdot.org/story/10/03/23/1226241/The-Biggest-Cloud-Providers-Are-Botnets

 

Julie188 writes "Google is made up of 500,000 systems, 1 million CPUs and 1,500 gigabits per second (Gbps) of bandwidth, according to cloud service provider Neustar.

Amazon comes in second with 160,000 systems, 320,000 CPUs and 400 Gbps of bandwidth, while Rackspace offers 65,000 systems, 130,000 CPUs and 300 Gbps.

 

But these clouds are dwarfed by the likes of the really big cloud services, otherwise known as botnets.

 

Conficker controls 6.4 million computer systems in 230 countries, with more than 18 million CPUs and 28 terabits per second of bandwidth."

 

See:   http://www.networkworld.com/community/node/58829

 

=================================================

The biggest cloud on the planet is owned by ... the crooks

Security expert says the biggest cloud providers are botnets

By Robert Mullins on Mon, 03/22/10 - 1:24pm.

http://www.networkworld.com/community/node/58829

 

This post has been updated to better explain the reach of the Conficker botnet and to clarify the current status of Conficker. Also, a new related post on the subject can be found here.

Who's got the biggest cloud in the tech universe? Google? Pretty big, but no. Amazon? Lots and lots of servers, but not even close. Microsoft? They're just getting started.

Household names all, but their capacity pales to that of the biggest cloud on the planet, the network of computers controlled by the Conficker computer worm. Conficker controls 6.4 million computer systems in 230 countries at 230 top level domains globally, more than 18 million CPUs and 28 terabits per second of bandwidth, said Rodney Joffe, senior vice president and senior technologist at the infrastructure services firm Neustar.

The biggest cloud on the planet is controlled by a vast criminal enterprise that uses that botnet to send spam, hack computers, spread malware and steal personal information and money, Joffe said.

In other words, the cloud is mobbed up.

Joffe explained how Conficker meets the definition of a cloud service provider in a presentation at the Cloud Connect conference held last week in Santa Clara, Calif.

Like legitimate cloud vendors, Conficker is available for rent and is just about anywhere in the world a user would want their cloud to be based. Users can choose the amount of bandwidth they want, the kind of operating system they want to use and more. Customers have a variety of options for what services to put in the Conficker cloud, be it a denial-of-service attack, spam distribution or data exfiltration.

UPDATE: Joffe said Conficker has not been as active as it once was, but is still a threat. The last reported attack was in February on the network of the Manchester, UK, police department. Joffe said the last major Conficker attack was in April 2009.

Conficker is much more competitive than those legit vendors in many ways, Joffe continued. It has much more experience, dating back to 1998, has a larger footprint and unlimited new resources as it spreads malware far and wide to take over more computers.

"And there are no costs. And there are no moral, ethical or legal constraints," Joffe said, to chuckles from the audience. After all, the criminals stole their computing capacity from someone else.

By the way, the biggest legitimate cloud provider is Google, based on Joffe's information, made up of 500,000 systems, 1 million CPUs and 1,500 gigabits per second (Gbps) of bandwidth. Amazon comes in second with 160,000 systems, 320,000 CPUs and 400 Gbps of bandwidth, while Rackspace offers 65,000 systems, 130,000 CPUs and 300 Gbps.

Joffe described the vastness of the Conficker cloud to make a point that companies need to do their homework as they decide to sign up for cloud computing services as well as how to run their own IT systems. They should study up on botnets like Conficker, protect their own infrastructure and applications and assume they'll someday be a target of botnets because "they're great learners," he said.

And when a company does subscribe to a cloud computing service, make sure the provider is aware of your general "behavior," he said, such as usual patterns of compute cycles and other signs. They have a name for cloud clients whose behavior becomes abnormal, meaning they could have been compromised, Joffe said: black clouds.
