North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: mitigating botnet C&Cs has become useless
- From: Rick Wesson
- Date: Tue Aug 08 19:52:56 2006
this isn't fun, comments in line.
Sean Donelan wrote:
On Tue, 8 Aug 2006, Rick Wesson wrote:
Last sunday at DEFCON I explained how one consumer ISP cost American
business $29M per month because of the existence of key-logging botnets.
Why did you attribute responsibility for the cost only to the consumer
ISP? How much of the cost should be attributed the PC OEM, or the
software developers, or the American business, or the ....?
Because the numbers are significant. Finding any entity that could
provide a choke-point for 4% of business side id-theft is an interesting
exercise and of significant value to the community.
you want to talk economics? Its not complicated to show that
mitigating key-logging bots could save American business 2B or 4% of
=losses to identity theft -- using FTC loss estimates from 2003
What are the economics of American businesses mitigating key-logging bots?
there is no detectable mitigation, the slope of the infection rate
continues to rise.
How much security would you get for an additional $20 per year per on-line
user? Spending more than the losses wouldn't save American business money.
depends on how it is spent