Storm Worm Being Reduced to a Squall

Posted by Zonk on Sun Oct 21, 2007 12:23 PM
from the blood-pressure-lowering-sight-returning dept.
Rumours of financial schemes surrounding the botnet aside, PC World has an article that should lower the blood pressure of some SysAdmins. The Storm Worm botnet is apparently shrinking. A researcher out of UC San Diego who has been tracking the network has published a report indicating it is now only 10% of its former size. "Some estimates have put Storm at 50 million computers, a number that would give its controllers access to more processing power than the world's most powerful supercomputer. But Enright said that the real story is significantly less terrifying. In July, for example, he said that Storm appeared to have infected about 1.5 million PCs, about 200,000 of which were accessible at any given time. Enright guessed that a total of about 15 million PCs have been infected by Storm in the nine months it has been around, although the vast majority of those have been cleaned up and are no longer part of the Storm network."

Related Stories

[+] Storm Worm Botnet Partitions May Be Up For Sale 192 comments
Bowling for cents writes "There is evidence that the massive Storm Worm botnet is being broken up into smaller networks, and a ZDNet post thinks that's a surefire sign that the CPU power is up for sale to spammers and denial-of-service attackers. The latest variants of Storm are now using a 40-byte key to encrypt their Overnet/eDonkey peer-to-peer traffic, meaning that each node will only be able to communicate with nodes that use the same key. This effectively allows the Storm author to segment the Storm botnet into smaller networks. This could be a precursor to selling Storm to other spammers, as an end-to-end spam botnet system, complete with fast-flux DNS and hosting capabilities."
  • Spread of Windows (Score:3, Interesting)

    by Prysorra (1040518) on Sunday October 21, @12:25PM (#21064185)
    Anyone else think that the rather lax enforcement of Windows piracy is helping to create the possibility of massive botnets?

    Just wondering.
  • Good (Score:5, Funny)

    by Colin Smith (2679) on Sunday October 21, @12:30PM (#21064227)
    Now that it's down to 5 million we can all breathe a sigh of relief...

     
  • Oblig. (Score:2, Interesting)

    Couldn't this just be the 'eye' of the Storm?

    Or is it possible that Windows boxes really are just getting more secure? Ohh shit I asked THAT on Slashdot?! Charles Stross will have my soul. /owenwilson
  • don't be sure (Score:5, Insightful)

    by phantomfive (622387) on Sunday October 21, @12:49PM (#21064359)
    (http://cs.byuh.edu/~andrew | Last Journal: Friday October 12, @12:12AM)
    The researcher determined this with a spider he created to crawl the storm network. How does he know that the network is shrinking and not just being partitioned? [slashdot.org]

    Furthermore, the storm virus is known to be updatable. Is it possible it was updated to be even less obtrusive, thus escaping detection in other ways? Maybe it has gone into dormant mode, because the creator doesn't need so many computers at the moment.

    One interesting innovation of the worm, quoted from the article:

    "If you're a researcher and you hit the pages hosting the malware too much... there is an automated process that automatically launches a denial of service [attack] against you," he said. This attack, which floods the victim's computer with a deluge of Internet traffic, knocked part of the UC San Diego network offline when it first struck.

    I think some part of me must be sick or something, because when I read about this I almost hope the worm will get bigger, become unstoppable, and reveal windows for the insecure piece of crap that it is. Linux, BSD, OSX, Solaris, and heck even Minix could clearly stand up to a threat like this much more easily than Windows.
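The "shrinking or partitioned" question above can be checked directly against crawl data. The following is an added example (not code from the thread or from the UC San Diego research it mentions) that compares two constructed peer-list crawls: same eight peers in both, but the second has lost every link between its two halves, so a crawl from a single seed sees half the network and looks like a shrink.

```python
"""Shrinking or partitioned? Comparing two P2P crawls.

Added example, not code from the thread or the research it discusses.
A crawler asks each reachable peer for its neighbour list and ends with an
adjacency map; the two maps below are constructed.
"""
from collections import deque

# Constructed crawl results: peer id -> peers it reported (links symmetric).
CRAWL_BEFORE = {
    "p1": ["p2", "p3"], "p2": ["p1", "p4"], "p3": ["p1", "p5"],
    "p4": ["p2", "p6"], "p5": ["p3", "p7"], "p6": ["p4", "p8"],
    "p7": ["p5"], "p8": ["p6"],
}
# Same eight peers, but every link between the two halves is gone.
CRAWL_AFTER = {
    "p1": ["p2", "p3"], "p2": ["p1", "p4"], "p3": ["p1"], "p4": ["p2"],
    "p5": ["p6", "p7"], "p6": ["p5", "p8"], "p7": ["p5"], "p8": ["p6"],
}

def reachable(adj, seed):
    """Peers a crawl started at `seed` would discover (breadth-first)."""
    seen, queue = {seed}, deque([seed])
    while queue:
        for nbr in adj.get(queue.popleft(), []):
            if nbr not in seen:
                seen.add(nbr)
                queue.append(nbr)
    return seen

def components(adj):
    """Connected groups over every peer named anywhere in the crawl."""
    left = set(adj) | {n for nbrs in adj.values() for n in nbrs}
    groups = []
    while left:
        comp = reachable(adj, next(iter(left)))
        groups.append(frozenset(comp))
        left -= comp
    return groups

def compare(before, after, seed):
    """What a single-seed crawl sees versus what the whole peer set shows."""
    b, a = components(before), components(after)
    b_nodes, a_nodes = set().union(*b), set().union(*a)
    if len(a) > len(b) and a_nodes >= b_nodes:
        verdict = "partitioned"   # same peers, more islands: segmented, not shrunk
    elif len(a_nodes) < len(b_nodes):
        verdict = "shrunk"
    else:
        verdict = "unchanged"
    return {
        "nodes_before": len(b_nodes), "nodes_after": len(a_nodes),
        "components_before": len(b), "components_after": len(a),
        "seen_from_seed_after": len(reachable(after, seed)),
        "verdict": verdict,
    }
```

A crawl that only ever starts from seeds inside one segment will report the segment's size, which is why seed diversity matters before concluding a network has shrunk.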

    • Re:don't be sure (Score:5, Insightful)

      by John Hasler (414242) on Sunday October 21, @01:09PM (#21064513)
      > I think some part of me must be sick or something, because when I read about this I
      > almost hope the worm will get bigger, become unstoppable, and reveal windows for the
      > insecure piece of crap that it is.

      Already been done. Nobody cares.
    • Re:don't be sure by MoogMan (Score:2) Sunday October 21, @01:33PM
      • Re:don't be sure by Master of Transhuman (Score:2) Sunday October 21, @03:07PM
      • Re:don't be sure (Score:5, Insightful)

        by phantomfive (622387) on Sunday October 21, @03:14PM (#21065543)
        (http://cs.byuh.edu/~andrew | Last Journal: Friday October 12, @12:12AM)

        Heh, I knew someone was going to trot out this old troll. The point is, it would be much easier to secure unix-type systems than windows-type systems. Compare Microsoft's budget to that of OpenBSD; now tell me, which is more secure?

        For it to be effective as a virus, it is going to have to install itself to startup somehow. What is it going to do, add a line to my .bashrc? Add a script to /etc/rc.d? It can't do that, only root can, and I don't browse the internet as root. Nobody does.

        You may say, "it will prompt you for the password and idiot users will just type it" but you are showing your Windows bias. On windows, you get so many popup prompts that many users just ignore them and do whatever they ask. OSX has shown that it can be done differently, however. Ask any average OSX user what they would do if a downloaded attachment asked them for their root password, and they will say something to the effect of, "Freak out and delete it immediately." It's because the warnings and prompts in OSX don't become annoying.

        Security on Windows is hard. For any vulnerability, it takes a lot more effort to fix on Windows than a similar vulnerability in a Unix system. In unix-world, fixing the OS is an option.

    • Re:don't be sure by Master of Transhuman (Score:3) Sunday October 21, @03:10PM
    • Re:don't be sure by Deanalator (Score:2) Monday October 22, @11:53AM
    • Re:don't be sure by deviceb (Score:1) Monday October 22, @12:05PM
  • Bullshit (Score:5, Interesting)

    by Anonymous Coward on Sunday October 21, @12:51PM (#21064383)
    Myself and some colleagues, along with a couple of anti-malware sites have been tracking Storm infections as best we can over the last couple of months. We've mostly been using honeypots, trapping SMTP traffic and utilizing some nslookup scripts to mine Storm's fast-fluxing domains. It has not shown any sign of shrinking, particularly not by a factor of 10.

    The only people who have ever estimated its size to be anywhere near 50 million hosts are paranoid tin-foil hat wearing security analysts and journalists looking to generate some ad revenue with a shocking headline or two. I've never seen any solid evidence pointing towards Storm being larger than 2-3 million hosts, so even assuming there is an exact science at work here, 1.5 million is far from a 10th of 2-3 million.

    This phenomenon would be a lot easier to combat if people would stop spreading bullshit stories such as this.
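The "nslookup scripts to mine Storm's fast-fluxing domains" mentioned above produce a log of repeated resolutions; deciding which domains are actually fluxing is the next step. The following is an added example (not the commenter's code) that scores a constructed resolution log: a domain is flagged when it cycles through many distinct addresses across unrelated /16 networks with very low TTLs. The thresholds and the domain names and addresses are illustrative assumptions.

```python
"""Fast-flux scoring over a constructed DNS resolution log.

Added example, not code from the thread or the researchers it quotes.
Domain names and addresses are constructed placeholders.
"""
from collections import defaultdict
from ipaddress import ip_address

# Constructed log: (seconds since start, domain, resolved IPv4, TTL seconds)
RECORDS = [
    (0,   "flux.example",   "203.0.113.10",   30),
    (0,   "flux.example",   "198.51.100.7",   30),
    (60,  "flux.example",   "192.0.2.55",     30),
    (60,  "flux.example",   "203.0.113.99",   30),
    (120, "flux.example",   "198.51.100.201", 30),
    (120, "flux.example",   "192.0.2.9",      30),
    (180, "flux.example",   "203.0.113.130",  30),
    (0,   "static.example", "192.0.2.1",      3600),
    (60,  "static.example", "192.0.2.1",      3600),
    (120, "static.example", "192.0.2.1",      3600),
    (180, "static.example", "192.0.2.2",      3600),
]

def classify(records, min_ips=5, min_nets=3, max_ttl=300):
    """Return {domain: stats} with a fast_flux verdict per domain.

    The thresholds are illustrative assumptions: flag a domain only when
    it showed at least min_ips distinct addresses spread over at least
    min_nets distinct /16 networks and its lowest TTL was <= max_ttl.
    """
    per = defaultdict(lambda: {"ips": set(), "nets": set(), "min_ttl": None})
    for _ts, domain, ip, ttl in records:
        addr = ip_address(ip)            # rejects malformed log entries early
        d = per[domain]
        d["ips"].add(str(addr))
        d["nets"].add(int(addr) >> 16)   # /16 prefix as a cheap "unrelated network" proxy
        d["min_ttl"] = ttl if d["min_ttl"] is None else min(d["min_ttl"], ttl)
    out = {}
    for domain, d in per.items():
        n_ips, n_nets = len(d["ips"]), len(d["nets"])
        out[domain] = {
            "distinct_ips": n_ips,
            "distinct_nets": n_nets,
            "min_ttl": d["min_ttl"],
            "fast_flux": n_ips >= min_ips and n_nets >= min_nets and d["min_ttl"] <= max_ttl,
        }
    return out

if __name__ == "__main__":
    for domain, s in classify(RECORDS).items():
        print(domain, "FAST-FLUX" if s["fast_flux"] else "stable", s)
```

Counting distinct domains that flag over time, rather than distinct hosts, is what such a script can honestly measure; it says nothing by itself about the number of infected machines.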
  • Oblig Inverse (Score:2, Funny)

    by hksdot (1128515) on Sunday October 21, @12:52PM (#21064389)
    I for one bid farewell to our swarm intelligence worm overlords.
  • One question (Score:1)

    by edxwelch (600979) on Sunday October 21, @01:13PM (#21064533)
    It says that you get infected with the storm worm by clicking on a link in an email message. But is that an IE security hole? What happens if you use firefox? Are you safe?
  • Mac and Linux users (Score:1, Insightful)

    Just breathed a collective sigh of relief...

    Oh wait, maybe they were just rolling their eyes and sighing. Honestly, don't mean to troll, but you Windows users put up with so much trouble and annoyance just so you can avoid learning how a computer actually works...

    Methinks you guys would be better off just biting the bullet and switching. Sure, Macs are more expensive, and Linux has a steep learning curve, but isn't it worth avoiding all of the frustration you're going to experience over the rest of your tech lifetime? Or are you one of those folks who relishes the semi-annual Windows reinstall? Perhaps you like paying an annual license fee to keep your computer from getting infected with a virus?

    When you think about it, even if you don't factor in the cost of your time, Microsoft Windows systems are easily the most expensive systems to run on the planet, and the least useful (unless you expect your corporate users to play games all day...) Microsoft has been leveraging fear of the unknown to blackmail and intimidate non-technical users into supporting their monopoly, and the only winners I see in the whole thing are Microsoft and Intel. The users aren't any better off, and sysadmins risk their careers (not to mention their marriages!) on the capricious reliability and security of Windows systems.

    But I guess that's why there's an old saying: Fool me once, shame on you. Fool me twice, shame on me. Microsoft fooled me once. I'm not getting fooled again.

    • Re:Mac and Linux users (Score:4, Insightful)

      by TheRaven64 (641858) on Sunday October 21, @01:30PM (#21064685)
      (http://theravensnest.org/ | Last Journal: Sunday October 07, @07:05AM)

      Just breathed a collective sigh of relief... Oh wait, maybe they were just rolling their eyes and sighing.
      No, we get spam from Windows zombies the same as everyone else.
    • Re:Mac and Linux users (Score:4, Insightful)

      by Torvaun (1040898) on Sunday October 21, @02:47PM (#21065357)
      Windows can be secured. I've got an XP desktop for gaming, and I run Linux on my laptop. Neither of them get viruses. My protection suite is all free software, so there's no annual fee there. And, if enough regular people switched to something with a Unix base, they'd have virus issues too. There are viruses and rootkits for systems other than Windows. They aren't prolific because the average moron who clicks everything is on Windows.

      Yes, those systems are more secure than Windows. No, they are not secure enough to deal with the assault of a wave of moronic users. Feel free to dream of an exodus away from Windows, but understand that nothing will change, even if your dream comes true.
      • Yes, but at what cost? (Score:4, Interesting)

        Sure, you can secure Windows. You can also make Linux run Windows programs. If you're willing to put in the effort, I suppose you could run a web server on a C64 (Hey! Some people have!)

        But the point is that it's a lot more practical to just buy a Mac if you're a non-technical user. You get ease of use, with none of the security and stability problems of Windows.

        And if you are technical, and are going to put in the effort to learn a system in depth, why would you pick Windows? If you learn Linux, you can transfer that knowledge to working on UNIX systems, and the usefulness of your knowledge isn't subject to the capricious actions of a convicted felon (Microsoft). Sure, you could secure Windows, but every time Redmond releases another version, your knowledge becomes obsolete.

        But there are a few additional points about Windows:

        1. Windows has at least one - if not two or three - orders of magnitude more security vulnerabilities than Linux or Mac. This alone suggests that the problem of Windows security is much greater than that of Linux or Mac security, regardless of the reason.
        2. A Windows system requires constant patching to remain relatively secure, and even so, there's always a small window of opportunity when even fully patched systems are vulnerable. (i.e., the time between the black hats discovering the exploit and the time white hats find it; and the time between notification and the time Microsoft is able to issue an update). Even though you are fully patched, your system still contains vulnerabilities yet undiscovered by the security researchers, but known to black hats.
        3. Constant patching is not a viable option for most companies which must test patches for interoperability. In many cases, a company's own internal testing takes longer than it takes hackers to publish an exploit for the vulnerability. In such cases, their machines are never truly secure, even though they patch constantly.
        4. You don't have the source code, so you can't audit it. Given that Microsoft was recently caught modifying files on their customers' computers without their consent, this is very troubling. You can't trust Microsoft to do what they say they will, nor can you verify they are.
        5. You don't control what gets turned on by default, and sometimes a major, required component of Windows has security flaws (Blaster, anyone?). With a UNIX-like system, you can simply strip the box down to the bare minimum to achieve greater security.
        6. Windows has a maze of interdependencies which often means that you simply cannot uninstall a problematic part of the OS. Take IE for example - though it can technically be uninstalled, it is required by even the most basic OS functions, which means that removing it is not a realistic option for the end user. Yet it continues to be a wellspring of security problems, made even worse by the fact that it isn't practical to run a system without it.

        So sure, you can make Windows relatively secure, compared to other Windows boxes. But for the same amount of effort, you could secure a Linux machine to a much greater degree, and have a stable, trustworthy system as well. Sure, neither system is perfect, but for the effort you expend, you get a much better system by installing Linux or buying a Mac.

        And I suppose a slashdot post wouldn't be complete without some anecdotal evidence. In the 10 years that I've been in the industry, every single one of my Windows using relatives have needed me to recover one of their crashed/unstable/unusably slow Windows systems. In fact, prior to XP, I had only met one person who both ran Windows and had not had it crash on them. And yet, even though Apple commands about 10% of the market, I have only once been asked if I could recover an Apple computer. And even then, it took only about 1/2 hour, and the guy didn't lose any of his data (he tried to update OS X, and botched it, but even then, he still was able to reco

      • Re:Mac and Linux users by networkassault (Score:1) Monday October 22, @02:01AM
    • Re:Mac and Linux users by bigstrat2003 (Score:2) Sunday October 21, @03:16PM
    • Re:Mac and Linux users by creativeHavoc (Score:2) Sunday October 21, @04:05PM
    • Re:Mac and Linux users by Blakey Rat (Score:2) Sunday October 21, @06:03PM
  • Storm (Score:1, Interesting)

    by Tibixe (1138927) on Sunday October 21, @01:25PM (#21064647)
    An unstoppable botnet... quite beautiful. (Well, unstoppable as long as Windows is not exactly secure.) I know it's probably done for money, but wouldn't it be funny if ten years later someone announced he made the Storm to compute big prime numbers, and he found 10000 more than ever? :) By the way, what is the use of big computers/networks if not maths?
  • ...reduced to a Squall (Score:4, Funny)

    by Wonko the Sane (25252) <wts42@yahoo.com> on Sunday October 21, @02:27PM (#21065189)
    (Last Journal: Sunday May 20, @05:49PM)
    So it now has a scar on its face, and carries a sword-gun?
  • by the_one(2) (1117139) on Monday October 22, @07:54AM (#21070965)
    I'm afraid you can't run the storm virus in wine (at least not the standard windows version). When will it be the year of linux on desktop?
  • A Lull? (Score:1)

    by fuliginous (1059354) on Monday October 22, @08:48AM (#21071459)
    I thought the Storm worm was sufficiently capable and also directed that it could lay silent. So it could just be that they are having it lay low at the moment whilst performing an upgrade?
  • by BrianGKUAC (919321) on Monday October 22, @02:10PM (#21075589)
    I'm sorry to have to post this, but it seems like a more and more prolific problem.

    Macs are computers.

    The operating system that runs on them is OS X.

    The company that makes them is Apple (APPL).

    Linux is a kernel for an operating system, whereas Windows is a full operating system.

    You don't say "Macintosh did something to OS X" for exactly the same reason as you don't say "Optiplex GX620 added more features to Windows."

    If you're talking about a company, talk about the company... if a product line, talk about the product line. If you're referring to an Operating System, please reference the Operating System.

    I'm sorry, I'll return to my hole now... /rant
  • You're thinking of botnets in the 1990s. This is 2007, Storm communicates with a hacked version of the eDonkey p2p protocol, and redirects all P2P traffic and DNS requests through nodes acting as proxies to the "motherships", so it's much harder to track. All P2P traffic is encrypted with 40 BYTE encryption (not 40 bit mind you).
  • by bucky0 (229117) on Sunday October 21, @12:54PM (#21064409)
    From what I remember, there's no central IRC control. The bots all join in a p2p network and share files with commands to be executed. The herder uploads a command file with a specific (spoofed) hash, and the bots spread them over the P2P network to the whole network. The reason no one's been able to pull the plug is because there's no central IRC server that people can target, the commands are just files on a p2p network.
  • by hasbeard (982620) on Sunday October 21, @02:35PM (#21065247)
    I think I recently saw something about Microsoft pushing out an update that was supposed to have cleaned a lot of these machines.
  • Re:Advice Please (Score:2, Funny)

    by iogan (943605) on Sunday October 21, @04:17PM (#21066053)
    (http://annonsbevakaren.com/)
    It might be diet related. Get her to eat more healthy food, and then see what happens.
  • I've no mod points. Parent links to reasonably informative article. Thx.