Damballa Responds To Kraken Criticisms

Thursday, April 10, 2008 by Mistlee

Can't see any images? - !

Top Security News

Online Criminals Outsource Their Work
A study by security vendor Finjan suggested a trend in criminal behavior has them farming work out to established rings with a technology infrastructure...

Google Street View Becomes Driveway View
While one Pittsburgh couple sues Google over its Street View pictures of their residence, another neighboring home found itself the focus of a Google camera car that drove up its driveway. No word yet on whether...

Identity Info Breaches Hitting Everywhere In 2008
Commercial businesses, colleges and universities, government offices, and medical facilities of varying sizes share the common label of being hit by identity...

RealPlayer, QuickTime Get Urgent Updates
Fixes for both products emerged to counter threats against vulnerabilities in these popular multimedia applications. Popular multimedia applications...

David A. Utter

Damballa Responds To Kraken Criticisms

Security researchers at Damballa who discussed a big new botnet received lots of pushback from the security community.

When Damballa's Paul Royal discussed the size and scope of Kraken, he said it exceeded the size of the Storm botnet. Many took this surprising assessment with a dose of skepticism; Damballa received significant challenges to their research.

"There are many detection names for "Kraken"; Oderoor, Bobax, Agent, and many more," security vendor F-Secure said. "We believe that there is a single group of people behind Kraken, updating their malware as time goes by. It's not new, it's just a new generation of something older."

Call Today For a Free Domain Consult

Brian Krebs at the Washington Post said on Security Fix that Damballa managed to achieve its count of Kraken botnetted machines by serving as a host for a number of them in a kind of honeypot environment. Royal told Krebs the machines controlled by Damballa only receive Kraken traffic when bots try to connect to them, and there is no outgoing traffic.

Accusations that Damballa, a startup based in Atlanta with founder ties to Georgia Tech, simply repackaged Bobax to make a splash at RSA 2008 stung the new company. Royal responded to the suggestions with a response Damballa published yesterday.

Damballa believes Kraken and Bobax likely share some kind of common author or group connection. The two botnets operate similarly; Damballa's side by side comparison makes Kraken look like an evolved form of Bobax.

Royal's RSA talk also zapped the antivirus industry by claiming 80 percent of comuters with AV solutions don't detect Kraken. Krebs noted more recent results from testing at VirusTotal.com that put the number of AV solutions detecting Kraken at 50 percent.

Damballa appears to have a history of hyping their claims; doing so in front of the RSA audience was a particularly brassy move. Though they raise genuine concerns about Internet security and AV effectiveness, the method to do so leaves a lot to be desired.

About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
SecurityProNews is brought to you by:

SecurityConfig.com NetworkingFiles.com
ITmanagementNews.com NetworkNewz.com
DatabaseProNews.com SQLProNews.com
ITcertificationNews.com SysAdminNews.com
LinuxProNews.com WirelessProNews.com

About SecurityProNews
SecurityProNews is updated in real time with vital internet security alerts, news and in-depth articles for IT Managers. SecurityProNews understands that IT Management Begins With Security.

Advertising Newsletters Corporate Info Site Map Support
© 2008  SecurityProNews. An email newsletter.
, Inc. 2549 Richmond Rd. Lexington KY, 40509
All Rights Reserved. Terms under which this service is provided to you. Read our privacy policy. Contact us.
SecurityProNews is part of the iEntry Inc. Network of sites and newsletters.

Unsubscribe from SecurityProNews.
To unsubscribe from SecurityProNews or any other iEntry publication, simply send an email request to: support@ientry.com
SecurityProNews About Us News Archives Feedback