iEntry 10th Anniversary RSS Archive

IT Management Begins With Security
SecurityProNews > Insider Reports > Insider > Damballa Responds To Kraken Criticisms
Search:
[ insider_reports_insider ]

Damballa Responds To Kraken Criticisms



David Utter
Staff Writer
2008-04-10

SecurityProNews: Insider Reports Insider Reports RSS Feed


Security researchers at Damballa who discussed a big new botnet received lots of pushback from the security community.

Damballa Responds To Kraken Criticisms
Damballa Responds To Kraken Criticisms

When Damballa's Paul Royal discussed the size and scope of Kraken, he said it exceeded the size of the Storm botnet. Many took this surprising assessment with a dose of skepticism; Damballa received significant challenges to their research.

"There are many detection names for "Kraken"; Oderoor, Bobax, Agent, and many more," security vendor F-Secure said. "We believe that there is a single group of people behind Kraken, updating their malware as time goes by. It's not new, it's just a new generation of something older."

Brian Krebs at the Washington Post said on Security Fix that Damballa managed to achieve its count of Kraken botnetted machines by serving as a host for a number of them in a kind of honeypot environment. Royal told Krebs the machines controlled by Damballa only receive Kraken traffic when bots try to connect to them, and there is no outgoing traffic.

Accusations that Damballa, a startup based in Atlanta with founder ties to Georgia Tech, simply repackaged Bobax to make a splash at RSA 2008 stung the new company. Royal responded to the suggestions with a response Damballa published yesterday.

Damballa believes Kraken and Bobax likely share some kind of common author or group connection. The two botnets operate similarly; Damballa's side by side comparison makes Kraken look like an evolved form of Bobax.

Royal's RSA talk also zapped the antivirus industry by claiming 80 percent of comuters with AV solutions don't detect Kraken. Krebs noted more recent results from testing at VirusTotal.com that put the number of AV solutions detecting Kraken at 50 percent.

Damballa appears to have a history of hyping their claims; doing so in front of the RSA audience was a particularly brassy move. Though they raise genuine concerns about Internet security and AV effectiveness, the method to do so leaves a lot to be desired.


About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.

More insider_reports_insider Articles

SecurityProNews: Insider Reports Insider Reports RSS Feed

Get Your Site Submitted for Free in the World's Largest B2B Directory!

Email Address:
* URL:
*
*Indicates Mandatory Field

Terms & Conditions

iEntry Featured Services: Jayde Member Services | Forums | Freeware | Advertise with Us

Contact Us | Advertise | Newsletter Archive | Sitemap | Submit an Article | News Feeds
SecurityProNews is an iEntry, Inc.® publication - $line) { echo $line ; } ?> All Rights Reserved | Privacy Policy and Legal		 Join the WebProWorld Forums: Click Here
Virus Warnings

Subscribe to
SecurityProNews FREE!


[ more newsletters ]

Featured On:
article resources
Search Articles:
[advanced search]

WebProWorld.com
Get in-touch with industry experts and leaders
Post your site for review by expert and peers
Ask Security, IT, Development and Design questions

Free Membership: Join Now!

Visit WebProWorld.com

Titan Quest Forum
The #1 Titan Quest forum
Halo 3 Forum
The best Halo, Halo 2, Halo 3 forum
Nintendo Wii
Nintendo Wii news and views
Mac Software
The best in OS X freeware
Graphics Forum
Your source for graphic tutorials
SecurityProNews.com | Breaking eBusiness News Get Your IT Questions Answered - Click Here SecurityProNews News Feeds