Storm Worm Being Reduced to a Squall
Rumours of financial schemes surrounding the botnet aside, PC World has an article that should lower the blood pressure of some SysAdmins. The Storm Worm botnet is apparently shrinking. A researcher out of UC San Diego who has been tracking the network has published a report indicating it is now only 10% of its former size. "Some estimates have put Storm at 50 million computers, a number that would give its controllers access to more processing power than the world's most powerful supercomputer. But Enright said that the real story is significantly less terrifying. In July, for example, he said that Storm appeared to have infected about 1.5 million PCs, about 200,000 of which were accessible at any given time. Enright guessed that a total of about 15 million PCs have been infected by Storm in the nine months it has been around, although the vast majority of those have been cleaned up and are no longer part of the Storm network."
Spread of Windows (Score:3, Interesting)
Just wondering.
Re:Spread of Windows (Score:4, Funny)
Imagines SWAT teams dodging chairs as they storm Microsoft headquarters to screams of "You'll never take me alive copper!"
Re:Spread of Windows (Score:5, Funny)
It looks like you're trying to raid the Redmond campus. Would you like to:
Maybe. (Score:2)
Anyone have any info on whether Microsoft's tool would detect it earlier?
Re: (Score:2, Insightful)
WGA raises the barrier of casual copying to lusers whose skill wouldn't have been enough to stop them getting pwned by some virus, and being incorporated into a botnet.
Re: (Score:3, Informative)
It also appears that the Malicious Software Removal Tool [microsoft.com] doesn't require validation either.
So you can run the same malware removal tools on pirated versions of Windows as well.
Re:Spread of Windows (Score:5, Funny)
Fixed your link.
Re: (Score:3, Informative)
they do kind of.
If you want to run pirate windows without getting nags and you don't have access to a good (as in allocated by MS and not shitlisted because of wide distribution) corp key you have to either crack windows genuine advantage notifications or keep it off your system. Cracking it has the downside that MS could release an update at any time.
There are two easy ways to keep windows genuine advantage notifications off
Re: (Score:2, Informative)
Some security updates won't be installed even via Automatic Updates if WGA is not found to be installed on the machine. There's a programmed limit tied into a WGA check. It doesn't check if your system is genuine or not, but it checks if WGA is installed and operational. If it is, you get all hotfixes past a certain KB number. If it is found to be a defect WGA install, you only get those hotfixes that are excluded from the check. This is why Autopatcher was so useful. You c
Re: (Score:3, Interesting)
I've given up on windows activation, for much the same reasons as yourself. I seem to spend my weekends re-installing friends' and neighbours' Windows PCs, and have either purchased, or have legal access to, ALL the flavours of XP, (and Vista etc.)
The easiest installs (for 'office' too) are *always* the unattended, slipstreamed 'pirate' versions found on the net, (suitably checked, of course). Update the serial num
Re: (Score:3, Informative)
Also, I was responding to a claim that Microsoft withheld security updates for people who were running pirated versions of Windows. I provided a link from Microsoft that seems to indicate otherwise.
Why is this a problem? Are you saying that Microsoft is lying in their post?
Re: (Score:3, Insightful)
Why would anyone think that? Windows is Windows whether it's pirated or paid for. Is a drunk weaving through heavy traffic at 135kph any more or less of a menace if he's driving a stolen car rather than a car he "owns"?
Re: (Score:2)
IMO anti piracy measures are contributing to insecurity. The fact is that such measures WILL be cracked and those using cracked versions will be reluctant to install updates both from the point of view of MS possibly breaking their system (I don't think WGA actually disables your system on XP but it does give annoying nag messages they could change it to be nastier at any time, sure yo
Re: (Score:2, Redundant)
* over the past six months, the number of made up statistics has TRIPLED! wiki it!
Oblig. (Score:2, Interesting)
Or is it possible that Windows boxes really are just getting more secure? Ohh shit I asked THAT on Slashdot?! Charles Stross will have my soul.
Re:Oblig. (Score:4, Funny)
Windows boxes are getting more secure all the time.
But we can only guess when they will be ready for widespread use...
Re: (Score:3, Insightful)
I think the problem of viruses would be greatly reduced if people were less ignorant about how their behavior causes them to get viruses.
Windows can be an okay operating system security-wise, if people didn't do these things:
Run Internet Explorer: IE is buggy and insecure. If everyone replaced it with Firefox with the NoScript plugin installed, you could watch how many fewer viruses there would be.
Re: (Score:2)
not that firefox is much better, iirc there are loads of reproducible crash bugs that aren't investigated because they don't affect enough users. I wonder how many of those would turn out to be worse than just crash bugs when investigated properly.
noscript may help a little but most users are just going to disable it for any site they want to visit that doesn't work properly without scripting.
don't be sure (Score:5, Insightful)
Furthermore, the storm virus is known to be updatable. Is it possible it was updated to be even less obtrusive, thus escaping detection in other ways? Maybe it has gone into dormant mode, because the creator doesn't need so many computers at the moment.
One interesting innovation of the worm, quoted from the article:
I think some part of me must be sick or something, because when I read about this I almost hope the worm will get bigger, become unstoppable, and reveal windows for the insecure piece of crap that it is. Linux, BSD, OSX, Solaris, and heck even Minix could clearly stand up to a threat like this much more easily than Windows.
Re:don't be sure (Score:5, Insightful)
> almost hope the worm will get bigger, become unstoppable, and reveal windows for the
> insecure piece of crap that it is.
Already been done. Nobody cares.
Re: (Score:2)
Bzzzt! Wrong. There are many attack vectors for Storm's entry into someone's computer (one of which is indeed an OS vulnerability). AFAIK, the majority of the attack vectors rely on people downloading some bootstrapper program via their email or web browser. Nothing is going to stop this happening to a "normal" user on *NIX.
Re: (Score:2)
Of course, the Worm might be smart enough to trick the user into opening a port by popping up a message and requesting it masquerading as a legit program - but I
Re: (Score:2)
If none do, then Linux definitely is no better than Windows in this regard.
Re: (Score:2)
Blocking outbound by default would make a distro practically unusable for anyone who didn't understand firewall configuration.
Re: (Score:2, Informative)
I've mostly used Debian-based Linux distributions, though I've also used Gentoo. I've installed Red Hat's enterprise solution, though I've never used it on the desktop. None of these have any special firewall beyond Netfilter (commonly called iptables.) Some are configured to block inbound packets that aren't part of an established connection, some don't have any rules by default (and use impli
Re:don't be sure (Score:5, Insightful)
Heh, I knew someone was going to trot out this old troll. The point is, it would be much easier to secure unix-type systems than windows-type systems. Compare Microsoft's budget to that of OpenBSD; now tell me, which is more secure?
For it to be effective as a virus, it is going to have to install itself to startup somehow. What is going to do, add a line to my .bashrc? Add a script to /etc/rc.d? It can't do that, only root can, and I don't browse the internet as root. Nobody does.
You may say, "it will prompt you for the password and idiot users will just type it" but you are showing your Windows bias. On windows, you get so many popup prompts that many users just ignore them and do whatever they ask. OSX has shown that it can be done differently, however. Ask any average OSX user what they would do if a downloaded attachment asked them for their root password, and they will say something to the effect of, "Freak out and delete it immediately." It's because the warnings and prompts in OSX don't become annoying.
Security on Windows is hard. For any vulnerability, it takes a lot more effort to fix on Windows than a similar vulnerability in a Unix system. In unix-world, fixing the OS is an option.
Re: (Score:2)
Viruses on Linux would be easier to clean as long as the user isn't running as Root all the time (and the virus does
Re: (Score:2)
See, this is where it breaks down. If you are clever, I'm sure you can think of half a dozen ways to defend against this. The easiest I can think of in 10 seconds is to replace the .bashrc/.xinitrc with something standard every time a user logs in. A bit annoying, maybe; but effective.
This is why unix is so much easier to harden. Because it is well-designed, there is much more flexibility when trying to think of a defense.
Re: (Score:2)
Keep in mind that Windows could re-image itself every time that the computer is restarted, or every X hours. The registry startup entries could be cleared, each boot. The problem is that you lose functionality with any of these solutions. They'r
Re: (Score:2)
There is just to much legacy on windows, period. The security architecture is probably *OK* now if best practic
Re: (Score:2)
It has always seemed to me that it would be pretty trivial for malware to hijack a users use of su/sudo/gksu/similar. The easiest way would be to modify the users bash profile and desktop menus so that instead of running the real elevation tool the users ran a program supplied by the malware. This program would then use the information it gathered to do both what the user wanted an
Re: (Score:2)
Then again, we're talking about the more ignorant userbase, so a wrapper in their home directory might go unnoticed.
Re: (Score:2)
for menu based stuff it is even easier, are you really going to notice a couple of menu item customisations?
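Added example, not code posted in the thread: the two comments above describe malware that wraps su/sudo/gksu from a non-root account by editing the user's shell profile or menu entries, and an earlier comment proposed resetting .bashrc/.xinitrc on every login as a defence. The script below audits for exactly those three cheap tricks: an alias or function redefining an elevation tool in an rc file, a same-named executable in a user-writable PATH entry that sorts ahead of the system directory, and an rc file whose hash no longer matches a recorded baseline. The sample .bashrc content, the /home/alice paths and the fake file set are constructed for the demonstration; the filesystem probes are injectable so the check runs offline.

```python
"""Audit a user's shell start-up file and PATH for su/sudo shadowing.

Added example (not from the thread). Checks:
  1. alias/function definitions named like an elevation tool in an rc file,
  2. executables with such a name in a user-writable PATH entry that comes
     before the system directory holding the real tool,
  3. rc file integrity against a baseline SHA-256 (the "reset the dotfiles
     on every login" idea from upthread, done as detection instead).
"""
import hashlib
import os
import re

ELEVATION_TOOLS = {"su", "sudo", "gksu", "gksudo", "kdesu", "pkexec"}
SYSTEM_DIRS = {"/bin", "/sbin", "/usr/bin", "/usr/sbin", "/usr/local/bin"}

ALIAS_RE = re.compile(r"^\s*alias\s+(\w+)=")
# matches both "sudo() {" and "function sudo {" forms
FUNC_RE = re.compile(r"^\s*(?:function\s+(\w+)\s*(?:\(\))?|(\w+)\s*\(\))\s*\{?")


def find_shadowing_definitions(rc_text):
    """Return (line_no, kind, name) for rc lines that redefine an elevation tool."""
    hits = []
    for n, line in enumerate(rc_text.splitlines(), 1):
        m = ALIAS_RE.match(line)
        if m:
            if m.group(1) in ELEVATION_TOOLS:
                hits.append((n, "alias", m.group(1)))
            continue
        m = FUNC_RE.match(line)
        if m:
            name = m.group(1) or m.group(2)
            if name in ELEVATION_TOOLS:
                hits.append((n, "function", name))
    return hits


def find_path_shadowing(path_entries, is_exec, is_user_writable):
    """Return (shadowing_binary, system_dir_with_real_tool_or_None) for every
    elevation-tool name found in a user-writable PATH entry that is searched
    before the system copy."""
    hits = []
    for idx, directory in enumerate(path_entries):
        if directory in SYSTEM_DIRS or not is_user_writable(directory):
            continue
        for tool in sorted(ELEVATION_TOOLS):
            candidate = directory.rstrip("/") + "/" + tool
            if not is_exec(candidate):
                continue
            real = next((d for d in path_entries[idx + 1:]
                         if d in SYSTEM_DIRS and is_exec(d.rstrip("/") + "/" + tool)), None)
            hits.append((candidate, real))
    return hits


def baseline_digest(rc_text):
    return hashlib.sha256(rc_text.encode("utf-8")).hexdigest()


def rc_matches_baseline(rc_text, digest):
    return baseline_digest(rc_text) == digest


def _real_is_exec(path):
    return os.path.isfile(path) and os.access(path, os.X_OK)


def _real_is_user_writable(directory):
    return os.path.isdir(directory) and os.access(directory, os.W_OK)


def audit(rc_text, path_env, is_exec=_real_is_exec, is_user_writable=_real_is_user_writable):
    """Run checks 1 and 2; probes default to the real filesystem."""
    return {
        "rc_definitions": find_shadowing_definitions(rc_text),
        "path_binaries": find_path_shadowing(path_env.split(":"), is_exec, is_user_writable),
    }


# Constructed sample: what a dropper running as the user might leave behind.
SAMPLE_BASHRC = """\
# constructed sample ~/.bashrc
export PATH="$HOME/.local/bin:$PATH"
alias ls='ls --color=auto'
alias sudo='$HOME/.local/bin/.s'
gksu() { "$HOME/.local/bin/.s" "$@"; }
"""

if __name__ == "__main__":
    # fake filesystem so the demo runs offline (assumption: alice's home dir)
    fake_files = {"/home/alice/.local/bin/sudo", "/usr/bin/sudo"}
    report = audit(SAMPLE_BASHRC, "/home/alice/.local/bin:/usr/local/bin:/usr/bin:/bin",
                   is_exec=lambda p: p in fake_files,
                   is_user_writable=lambda d: d == "/home/alice/.local/bin")
    for n, kind, name in report["rc_definitions"]:
        print(f"rc line {n}: {kind} '{name}' shadows an elevation tool")
    for bad, real in report["path_binaries"]:
        print(f"PATH: {bad} is searched before {real or 'any system copy'}")
```

In real use run `audit(open(os.path.expanduser("~/.bashrc")).read(), os.environ["PATH"])` and keep the baseline digest somewhere the user cannot write (root-owned, or off-box), otherwise the malware that edits the rc file can update the baseline too. The PATH check only looks at directories the current user can write; a wrapper placed somewhere the user cannot write already implies root.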
Re: (Score:2)
You mean Windows XP, not Windows in general. As on Vista, almost everyone runs as non-admin.
Re: (Score:2)
I recently bought a new off-the-shelf computer with Vista. It was a Major Brand, so I imagine that there are a lot of this particular computer out there.
On this computer, Vista is set up such that the first user you create is in the Administrators group. What this means is that you never have to enter any passwords to do administrative tasks--you just have to click "Continue" a few dozen times. The user will probably do this to get back to whatever they're doing without even reading the prompt or
Re: (Score:2)
If you said Windows XP/2000 you would be right. Because on Vista almost everyone runs as non-admin and can comfortably elevate with per-app granularity if needed.
Re: (Score:2)
> the point is that you're still running as admin
You're not. Read something about it.
> If you think that the extra clicks makes it more secure
Yes, it does.
Re: (Score:2)
Uh, ever heard of privilege escalation vulnerabilities? FYI, these affect Linux too (both kernel and user-space apps like Firefox).
Re: (Score:2)
The issue is this: People (i.e. your average Joe). A normal user will fall for the same phishing scam regardless of the OS they run on. Once a rogue program gets onto your system, it really doesn't matter if it hasn't got root access. A few trivial solutions that come to mind, with a bit of thought I'm sure you can come up with many more:
- Adding it t
Re: (Score:3, Interesting)
The botnet has always been hard to figure out the size because of its policy of only allowing a limited number of immediate connections in its net. Partitioning and assigning control of sections to other people - and this would presumably entail cutting connections with other portions of the botnet completely in order to enforce "ownership" - would presumably make it look smaller than it is.
This guy may also be overconfident in the crawli
Re: (Score:2)
Also, the researcher is spidering multiple partitions. When one of the storm researchers gets a new variant with a new key, they extract that key, and then spider that partition. They may not have all of them, but from what I understand they have enough sources that they probably have most of them.
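Added example, not from the thread or from the UCSD work it discusses: a small simulation of the two crawling effects raised in the last two comments. Each bot hands a crawler only a bounded peer list, the network is split into partitions (one per key) with no links between them, and a share of bots are offline or behind NAT and cannot be queried. A crawler seeded with one key sees at most its own partition; seeding one crawl per recovered key and taking the union gets closer to the true population. Partition sizes, peer-list length and the offline fraction are made-up parameters.

```python
"""Crawl a simulated, partitioned P2P botnet and compare the observed size
with the true size. Added example; all parameters are invented."""
import random
from collections import deque


def build_partitioned_botnet(partition_sizes, peers_per_bot, rng):
    """Return {bot_id: [peer_ids]} with links only inside each partition.
    Each bot exposes at most peers_per_bot peers, as a crawler would see."""
    graph, next_id = {}, 0
    for size in partition_sizes:
        members = list(range(next_id, next_id + size))
        next_id += size
        for bot in members:
            others = [m for m in members if m != bot]
            graph[bot] = rng.sample(others, min(peers_per_bot, len(others)))
    return graph


def crawl(graph, seed, is_reachable):
    """Breadth-first walk from one seed. Unreachable bots are counted when they
    appear in a peer list but cannot be asked for their own peers, so whatever
    sits only behind them is never discovered."""
    seen, queue = {seed}, deque([seed])
    while queue:
        bot = queue.popleft()
        if not is_reachable(bot):
            continue
        for peer in graph[bot]:
            if peer not in seen:
                seen.add(peer)
                queue.append(peer)
    return seen


def estimate_size(graph, seeds, is_reachable):
    """Union of crawls from every seed (one seed per recovered partition key)."""
    observed = set()
    for seed in seeds:
        observed |= crawl(graph, seed, is_reachable)
    return len(observed)


def run_demo(partition_sizes=(400, 300, 300), peers_per_bot=8, offline_fraction=0.6, seed=7):
    rng = random.Random(seed)
    graph = build_partitioned_botnet(partition_sizes, peers_per_bot, rng)
    # one "recovered key" per partition, represented by that partition's first bot
    seeds, start = [], 0
    for size in partition_sizes:
        seeds.append(start)
        start += size
    # bots that are off-line or behind NAT cannot be queried; seeds stay reachable
    offline = {b for b in graph if b not in seeds and rng.random() < offline_fraction}
    is_reachable = lambda b: b not in offline
    return {
        "true_size": len(graph),
        "reachable_now": len(graph) - len(offline),
        "one_key_estimate": estimate_size(graph, seeds[:1], is_reachable),
        "all_keys_estimate": estimate_size(graph, seeds, is_reachable),
    }


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k:>18}: {v}")
```

The one-key figure can never exceed the size of the seed's partition, whatever the crawler does; the all-keys figure is bounded by the true size and by how many bots are queryable during the crawl, which is the difference between "infected" and "accessible at any given time" in the article's numbers.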
Bullshit (Score:5, Interesting)
The only people who have ever estimated its size to be anywhere near 50 million hosts are paranoid tin-foil hat wearing security analysts and journalists looking to generate some ad revenue with a shocking headline or two. I've never seen any solid evidence pointing towards Storm being larger than 2-3 million hosts, so even assuming there is an exact science at work here, 1.5 million is far from a 10th of 2-3 million.
This phenomenon would be a lot easier to combat if people would stop spreading bullshit stories such as this.
Fire in the hole! (Score:2)
Whatever the case is, it's a nasty piece of work. There's precious little that'll stand up to that thing focusing fire on a target.
Actually, I heard that in an attempt to bolster its strength, it posts stories on slashdot that link to security companies sites. If it can't take our Mac, BSD, and *nix boxes, it'll just have to do some social engineering! Did you notice every time someone has new information about storm, we end up slashdotting it? :)
I was only kidding when I started writing this, but on second thought... manual override of slashdot via front page stories isn't such a bad idea... Let's post a story about McAfee as a
Re: (Score:2)
Since a tenfold reduction in the number of infected machines seems sort of optimisti
Re: (Score:2)
ok so why are they not focusing on these "nodes"?
Re: (Score:2)
Three guesses as to how storm supernodes get installed.
Re: (Score:2, Interesting)
Read this article.
Re: (Score:3, Informative)
(If anybody cares, the current key, atleast for the botnet partition I've seen, is F3 AA 58 0E 78 DE 9B 37 15 74 2C 8F B3 41 C5 50 33 7A 63 3D E6 13 DF 6C 46 CA BE 9A 77 48 94 02 C0 F3 66 49 EE 87 21 BB.)
Re:looking for details on storm botnet control (Score:4, Informative)
!!! WARNING - THESE SITES CONTAIN JAVASCRIPT EXPLOITS AND POSSIBLY OTHER EXPLOITS - APPROACH WITH CAUTION !!!
70.241.136.75
24.31.16.133
68.58.22.93
69.153.22.0
24.30.230.51
75.23.213.0
76.22.95.226
76.87.15.223
213.85.39.178
68.126.134.102
68.81.124.62
200.127.28.133
68.158.67.73
68.42.159.205
66.30.37.175
12.202.175.97
200.106.170.69
86.127.5.24
195.3.220.153
24.0.96.97
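Added example, not code from the comment above: a small indicator matcher that takes the IP list as posted and runs it over proxy log lines. The two entries ending in .0 are matched literally, since the post does not say they are /24 networks. The log lines are constructed and use a simplified Squid-like access.log layout ("epoch client status method url"); adapt LOG_RE to whatever your proxy actually writes.

```python
"""Flag proxy log lines whose destination is one of the posted Storm IPs.
Added example; the log lines below are constructed."""
import ipaddress
import re
from urllib.parse import urlsplit

# The indicators exactly as posted in the comment above.
POSTED_INDICATORS = """
70.241.136.75 24.31.16.133 68.58.22.93 69.153.22.0 24.30.230.51 75.23.213.0
76.22.95.226 76.87.15.223 213.85.39.178 68.126.134.102 68.81.124.62
200.127.28.133 68.158.67.73 68.42.159.205 66.30.37.175 12.202.175.97
200.106.170.69 86.127.5.24 195.3.220.153 24.0.96.97
"""


def parse_indicators(text):
    """Keep every token that is a valid IPv4 address; ignore anything else."""
    found = set()
    for tok in text.split():
        try:
            found.add(ipaddress.IPv4Address(tok))
        except ValueError:
            continue
    return found


# Simplified access-log layout (assumption): epoch client status method url
LOG_RE = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?)\s+(?P<client>\S+)\s+(?P<status>\S+)\s+"
    r"(?P<method>[A-Z]+)\s+(?P<url>\S+)"
)


def destination_ip(url):
    """Return the host as IPv4Address when the URL points straight at an IP
    (the posted list has no hostnames). CONNECT lines carry "host:port" with
    no scheme, so one is prepended before parsing. Hostnames return None."""
    target = url if "://" in url else "http://" + url
    try:
        return ipaddress.IPv4Address(urlsplit(target).hostname)
    except (ValueError, TypeError):
        return None


def find_hits(log_lines, indicators):
    """Return (client, destination_ip, url) for every line hitting the list."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        dst = destination_ip(m.group("url"))
        if dst is not None and dst in indicators:
            hits.append((m.group("client"), str(dst), m.group("url")))
    return hits


# Constructed sample log lines.
SAMPLE_LOG = [
    "1190000001.123 10.0.0.15 TCP_MISS/200 GET http://70.241.136.75/",
    "1190000002.456 10.0.0.15 TCP_MISS/200 GET http://70.241.136.75/SuperLaugh.exe",
    "1190000003.789 10.0.0.22 TCP_MISS/200 GET http://www.example.com/index.html",
    "1190000004.000 10.0.0.22 TCP_MISS/200 CONNECT 195.3.220.153:443",
    "not a log line",
]

if __name__ == "__main__":
    indicators = parse_indicators(POSTED_INDICATORS)
    for client, dst, url in find_hits(SAMPLE_LOG, indicators):
        print(f"{client} -> {dst}  {url}")
```

Matching on the destination IP rather than the URL string catches the CONNECT case and any path the landing page is served from; the flip side is that bots moved to new addresses the day after the post are missed, so treat a list like this as a snapshot and pair it with a check of what the client fetched afterwards (the comment further down gives a hash for one payload).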
Re: (Score:2)
SuperLaugh.exe 90923 (89K) md5: d87bd90e02d5137e6f5063f6fedce31e
Infected by Packed.Win32.Tibs.cu
Which doesn't tell us much, it seems to be a common way to refer to packed malware. It seems to be very small to be a peer to peer client.
The website I got it from is sick. Who wants to download a "psycho cat laughing to NO END"?
Re:Mac and Linux users (Score:4, Insightful)
Yes, those systems are more secure than Windows. No, they are not secure enough to deal with the assault of a wave of moronic users. Feel free to dream of an exodus away from Windows, but understand that nothing will change, even if your dream comes true.
Yes, but at what cost? (Score:4, Interesting)
Sure, you can secure Windows. You can also make Linux run Windows programs. If you're willing to put in the effort, I suppose you could run a web server on a C64 (Hey! Some people have!)
But the point is that it's a lot more practical to just buy a Mac if you're a non-technical user. You get ease of use, with none of the security and stability problems of Windows.
And if you are technical, and are going to put in the effort to learn a system in depth, why would you pick Windows? If you learn Linux, you can transfer that knowledge to working on UNIX systems, and the usefulness of your knowledge isn't subject to the capricious actions of a convicted felon (Microsoft). Sure, you could secure Windows, but every time Redmond releases another version, your knowledge becomes obsolete.
But there are a few additional points about Windows:
So sure, you can make Windows relatively secure, compared to other Windows boxes. But for the same amount of effort, you could secure a Linux machine to a much greater degree, and have a stable, trustworthy system as well. Sure, neither system is perfect, but for the effort you expend, you get a much better system by installing Linux or buying a Mac.
And I suppose a slashdot post wouldn't be complete without some anecdotal evidence. In the 10 years that I've been in the industry, every single one of my Windows using relatives have needed me to recover one of their crashed/unstable/unusably slow Windows systems. In fact, prior to XP, I had only met one person who both ran Windows and had not had it crash on them. And yet, even though Apple commands about 10% of the market, I have only once been asked if I could recover an Apple computer. And even then, it took only about 1/2 hour, and the guy didn't lose any of his data (he tried to update OS X, and botched it, but even then, he still was able to reco
Re: (Score:2)
Honestly, don't mean to troll, but you Windows users put up with so much trouble and annoyance just so you can avoid learning how a computer actually works...
That's a pretty big troll for "not meaning to troll". Using Windows is not a barrier to knowing how computers work. Hell, you wouldn't want me to go into my rant on how OSX's ui is dumbed-down compared to Windows, and even I'm not arrogant enough to claim that Mac users necessarily don't know how a computer works.
Sure, Macs are more expensive, and Linux has a steep learning curve, but isn't it worth avoiding all of the frustration you're going to experience over the rest of your tech lifetime?
You know, for all the touted insecurities of Windows, I have been using it for YEARS, and have had a virus or spyware infection once. Even that one time, for that matter, it was only because I li
Re: (Score:2)
> Using Windows is not a barrier to knowing how computers work.
Um, apparently Redmond disagrees with you:
It seems that Redmond's design philosop
Re: (Score:2)
> It hides OS files by default. So even if you want to know how your system works, the nanny OS reminds you that you shouldn't be looking in that folder.
If you're referring to hidden files, fine, although I disagree. If you're referring to the little "click here to view inside this folder" screen, that's HARDLY bad, if you're interested in seeing the files it takes one little click.
> It hides extensions by default. Yes, I've met Windows users who don't even know what an extension is, thanks to Microsoft.
Yeah, that annoys me.
> It installs device drivers automatically, and hides their existence from the user.
It shouldn't install them automatically? Hell, even as a technically-minded user, I appreciate that little service.
And in the end, it's a DAMN GOOD THING to hide the inner workings of the OS from the average user. They'd wreak havoc on it, and then cry t
Re: (Score:2)
1) What trouble am I putting up with? My Windows computer doesn't have Storm on it.
(To be a snarky devil's advocate, even if my computer did have Storm on it, the entire point of viruses like Storm is to hide themselves from detection, so it wouldn't actually cause me much trouble.)
2) Do you honestly believe that the average Mac user knows more about ho
How is Storm spread? (Score:2)
I think maybe my ISP might be actually protecting its customers by filtering, because this box has yet to catch anything. I was hoping to get a bot worm on it, just so I could do some packet logging, and try to see some of the command and control packets the bot uses.
I'm not sure if I'm disappointed or happy that my ISP is filtering traffic.