[AusNOG] Analysis of the Carna Botnet (Internet Census 2012)

Parth Shukla pparth at auscert.org.au
Thu May 30 13:53:18 EST 2013


Hi All,

 

Seems my last email generated some interesting back and forth between
people. As I'm sending this from my official work address, I don't want to
comment on it or respond to them. I may follow up with my private thoughts
from my personal address later.

 

I just want to thank everyone who replied to me off-list to help me locate
contacts for these carriers. I have now found a contact in TPG and iiNet.
More contacts from Telstra also surfaced. Judging from another thread on
AusNOG it seems that someone from Optus might not be on this mailing list,
so I'll try different avenues. Worst comes to worst, I might even end up
calling their general helpline and hope that I can convince the 'helpdesk'
to put me in touch with someone in network security! Fingers crossed it
won't come to that >_<

 

Anyway, thanks guys. If there are any more interesting developments on this
project, I'll post to the list again.

 

Cheers,

Parth

 

Parth Shukla | Information Security Analyst

AusCERT | Australia's premier computer emergency response team 

The University of Queensland | Brisbane QLD 4072 | Australia

t: (07) 334 64537 |e: pparth at auscert.org.au w: www.auscert.org.au
<http://www.auscert.org.au/>     

 


Save a tree. Don't print this e-mail unless it's really necessary  

 

From: Parth Shukla [mailto:pparth at auscert.org.au] 
Sent: Wednesday, 29 May 2013 11:05 AM
To: ausnog at lists.ausnog.net
Subject: RE: Analysis of the Carna Botnet (Internet Census 2012)

 

Hey all,

 

I am still looking for contacts for: TPG, Optus and iiNet! 

 

Someone did kindly forward my email to iiNet security team so I'll wait a
day or two more to hear from them still.

 

Anyone? Anything?!

 

Cheers,

Parth

 

Parth Shukla | Information Security Analyst

AusCERT | Australia's premier computer emergency response team 

The University of Queensland | Brisbane QLD 4072 | Australia

t: (07) 334 64537 |e: pparth at auscert.org.au w: www.auscert.org.au
<http://www.auscert.org.au/>     

 


Save a tree. Don't print this e-mail unless it's really necessary  

 

From: Parth Shukla [mailto:pparth at auscert.org.au] 
Sent: Tuesday, 28 May 2013 12:39 PM
To: ausnog at lists.ausnog.net
Subject: Re: Analysis of the Carna Botnet (Internet Census 2012)

 

Hi All,

 

I'm hoping most of you have had a chance to at least have a quick look at my
presentation by now. 

 

I'm now after technical contacts for three of the four most prominent
Telco's that are present in the Australian data (slide 44 of my
presentation). I am hoping to work with someone fairly technical in helping
deal with the problem of vulnerable devices through default logins on telnet
on their infrastructure.

 

I'm after (generic and/or non-generic) technical and security focused
contact details for: TPG, Optus and iiNet. 

 

The IP ranges for these three and Telstra represent 75% of compromised
devices in Australia. I already have generic email for Telstra which I'll
use but if someone here form Telstra wants to contact me directly please
feel free.

 

Could someone from these three please contact me off-list? If someone has
good contacts in any of them, could you either a) forward my email to them
asking them to contact me or b) email me their contact details off-list?

 

I will be providing them with the part of the data that is relevant to their
network.

 

Cheers,

Parth

 

Parth Shukla | Information Security Analyst

AusCERT | Australia's premier computer emergency response team 

The University of Queensland | Brisbane QLD 4072 | Australia

t: (07) 334 64537 |e: pparth at auscert.org.au w: www.auscert.org.au
<http://www.auscert.org.au/>     

 


Save a tree. Don't print this e-mail unless it's really necessary  

 

From: Parth Shukla [mailto:pparth at auscert.org.au] 
Sent: Friday, 24 May 2013 7:45 PM
To: ausnog at lists.ausnog.net
Subject: Analysis of the Carna Botnet (Internet Census 2012)

 

Dear All,

 

I have made my presentation on the Carna Botnet freely available for view
and/or download: http://bit.ly/auscertcarna

 

This presentation is on the Compromised Devices of the Carna Botnet (also
known as Internet Census 2012). This analysis is done from data obtained
directly from the researcher. The data used is NOT publicly available for
download.

 

This was recently presented at the AusCERT Conference 2013. Info:
http://conference.auscert.org.au/conf2013/speaker_Parth_Shukla.html

 

This presentation is freely available for viewing and downloading as I wish
to spread awareness of the issues raised as a result of the Carna Botnet.

 

I am sending this email as I suspect many of you will find the contents of
this presentation interesting. Apologies to those who are subscribed to
multiple mailing lists and are receiving this email multiple times as a
result. Please forward this onto any mailing list or any individual who you
think may appreciate the contents of the presentation.

 

Regards,

Parth

 

Parth Shukla | Information Security Analyst

AusCERT | Australia's premier computer emergency response team 

The University of Queensland | Brisbane QLD 4072 | Australia

t: (07) 334 64537 |e: pparth at auscert.org.au w: www.auscert.org.au
<http://www.auscert.org.au/>     

 


Save a tree. Don't print this e-mail unless it's really necessary  

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20130530/50f884e5/attachment.html>


More information about the AusNOG mailing list