[AusNOG] Analysis of the Carna Botnet (Internet Census 2012)
Parth Shukla
pparth at auscert.org.au
Thu May 30 13:53:18 EST 2013
Hi All,
Seems my last email generated some interesting back and forth between
people. As I'm sending this from my official work address, I don't want to
comment on it or respond to them. I may follow up with my private thoughts
from my personal address later.
I just want to thank everyone who replied to me off-list to help me locate
contacts for these carriers. I have now found a contact in TPG and iiNet.
More contacts from Telstra also surfaced. Judging from another thread on
AusNOG it seems that someone from Optus might not be on this mailing list,
so I'll try different avenues. Worst comes to worst, I might even end up
calling their general helpline and hope that I can convince the 'helpdesk'
to put me in touch with someone in network security! Fingers crossed it
won't come to that >_<
Anyway, thanks guys. If there are any more interesting developments on this
project, I'll post to the list again.
Cheers,
Parth
Parth Shukla | Information Security Analyst
AusCERT | Australia's premier computer emergency response team
The University of Queensland | Brisbane QLD 4072 | Australia
t: (07) 334 64537 |e: pparth at auscert.org.au w: www.auscert.org.au
<http://www.auscert.org.au/>
Save a tree. Don't print this e-mail unless it's really necessary
From: Parth Shukla [mailto:pparth at auscert.org.au]
Sent: Wednesday, 29 May 2013 11:05 AM
To: ausnog at lists.ausnog.net
Subject: RE: Analysis of the Carna Botnet (Internet Census 2012)
Hey all,
I am still looking for contacts for: TPG, Optus and iiNet!
Someone did kindly forward my email to iiNet security team so I'll wait a
day or two more to hear from them still.
Anyone? Anything?!
Cheers,
Parth
Parth Shukla | Information Security Analyst
AusCERT | Australia's premier computer emergency response team
The University of Queensland | Brisbane QLD 4072 | Australia
t: (07) 334 64537 |e: pparth at auscert.org.au w: www.auscert.org.au
<http://www.auscert.org.au/>
Save a tree. Don't print this e-mail unless it's really necessary
From: Parth Shukla [mailto:pparth at auscert.org.au]
Sent: Tuesday, 28 May 2013 12:39 PM
To: ausnog at lists.ausnog.net
Subject: Re: Analysis of the Carna Botnet (Internet Census 2012)
Hi All,
I'm hoping most of you have had a chance to at least have a quick look at my
presentation by now.
I'm now after technical contacts for three of the four most prominent
Telco's that are present in the Australian data (slide 44 of my
presentation). I am hoping to work with someone fairly technical in helping
deal with the problem of vulnerable devices through default logins on telnet
on their infrastructure.
I'm after (generic and/or non-generic) technical and security focused
contact details for: TPG, Optus and iiNet.
The IP ranges for these three and Telstra represent 75% of compromised
devices in Australia. I already have generic email for Telstra which I'll
use but if someone here form Telstra wants to contact me directly please
feel free.
Could someone from these three please contact me off-list? If someone has
good contacts in any of them, could you either a) forward my email to them
asking them to contact me or b) email me their contact details off-list?
I will be providing them with the part of the data that is relevant to their
network.
Cheers,
Parth
Parth Shukla | Information Security Analyst
AusCERT | Australia's premier computer emergency response team
The University of Queensland | Brisbane QLD 4072 | Australia
t: (07) 334 64537 |e: pparth at auscert.org.au w: www.auscert.org.au
<http://www.auscert.org.au/>
Save a tree. Don't print this e-mail unless it's really necessary
From: Parth Shukla [mailto:pparth at auscert.org.au]
Sent: Friday, 24 May 2013 7:45 PM
To: ausnog at lists.ausnog.net
Subject: Analysis of the Carna Botnet (Internet Census 2012)
Dear All,
I have made my presentation on the Carna Botnet freely available for view
and/or download: http://bit.ly/auscertcarna
This presentation is on the Compromised Devices of the Carna Botnet (also
known as Internet Census 2012). This analysis is done from data obtained
directly from the researcher. The data used is NOT publicly available for
download.
This was recently presented at the AusCERT Conference 2013. Info:
http://conference.auscert.org.au/conf2013/speaker_Parth_Shukla.html
This presentation is freely available for viewing and downloading as I wish
to spread awareness of the issues raised as a result of the Carna Botnet.
I am sending this email as I suspect many of you will find the contents of
this presentation interesting. Apologies to those who are subscribed to
multiple mailing lists and are receiving this email multiple times as a
result. Please forward this onto any mailing list or any individual who you
think may appreciate the contents of the presentation.
Regards,
Parth
Parth Shukla | Information Security Analyst
AusCERT | Australia's premier computer emergency response team
The University of Queensland | Brisbane QLD 4072 | Australia
t: (07) 334 64537 |e: pparth at auscert.org.au w: www.auscert.org.au
<http://www.auscert.org.au/>
Save a tree. Don't print this e-mail unless it's really necessary
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20130530/50f884e5/attachment.html>
More information about the AusNOG
mailing list