Worms Security

Storm Worm Rising 218

The Storm worm has been an increasing problem in the last few months, but a change in tactics may mean something big is going to happen. The article discusses a bit of back story about the worm, including the somewhat frightening numbers about the millions of spam emails carrying the worm payload. They estimate between a quarter million and a million infected systems usable for spam or DDOS attacks.
This discussion has been archived. No new comments can be posted.

  • I remember freaking out 10 years ago every time I saw someone running that cutesy little "fireworks display" email attachment. Despite my best efforts, I couldn't get the users to stop unzipping and opening it*. Glad to see that things haven't changed much.

    SNAFU (Situation Normal: All F***ed Up)

    * Before I get 10 million suggestions for a decade-past issue, yes we did find more effective ways of blocking it.
  • by tttonyyy ( 726776 ) on Wednesday August 08, 2007 @11:40AM (#20157385) Homepage Journal
    Now I've got your attention worm style, click this link for more information:

    http://en.wikipedia.org/wiki/Storm_Worm [wikipedia.org]
  • More information (Score:5, Informative)

    by apachetoolbox ( 456499 ) on Wednesday August 08, 2007 @11:42AM (#20157419) Homepage
    http://en.wikipedia.org/wiki/Storm_Worm [wikipedia.org]

    ...names ranging from "postcard.exe" to "Flash Postcard.exe,"...

    Shouldn't everyone be blocking .exe attachments at the MTA? Also look for a service running called wincom32 on infected machines.
  • by strongmace ( 890237 ) on Wednesday August 08, 2007 @11:48AM (#20157511)
    Article says how they are calculated:

    "Joe Stewart, senior security researcher at managed security company SecureWorks, at the Black Hat conference. .....

    From the number of infected machines he's found, Stewart estimates that the Storm botnet could comprise anywhere from 250,000 to 1 million infected computers. And that raises questions, along with eyebrows."
  • by annamadrigal ( 1134821 ) on Wednesday August 08, 2007 @11:49AM (#20157517)
    From the article:

    > For spam, a million-strong botnet might be overkill.
    > But botnets can do much more - like launching denial-of-service attacks.
    > These attacks aim to overwhelm a Web site or Internet server by sending
    > it a constant stream of garbage data at a particular Web site or Internet server.

    A few years back there was a spate of DDOS attacks on root servers, for example: http://www.informationweek.com/news/showArticle.jhtml?articleID=197004237 [informationweek.com] which were described at the time as "possibly featuring millions of computers".
    So, is this really such an enormous number? There seems to be a precedent for botnets of this scale....
  • by httptech ( 5553 ) on Wednesday August 08, 2007 @11:56AM (#20157627) Homepage
    The estimate is based on the number of unique IPs we've seen attacking networks we monitor, coupled with our knowledge of how the Storm botnet works. We've seen up to 100,000 bots sending the attack (the ecard spam) in a single day. Storm is a multi-tiered botnet, meaning that not all the bots are tasked with sending the emails. Some are supernodes (first-tier), designed to serve up the ecard executables via HTTP and facilitate communication between the regular (second-tier) nodes. Another factor is that some second-tier nodes will never be seen attacking, since they may be behind firewalls that block port 25 outbound or at an ISP that is doing SMTP blocking, so they may be part of the botnet but difficult to count.

    In reality, the only source that can give you a precise count for the Storm botnet is the Storm controller - and he/she's not talking. So we do the best we can at estimating its size given the data available.
  • Re:NO! (Score:3, Informative)

    by cyfer2000 ( 548592 ) on Wednesday August 08, 2007 @12:09PM (#20157827) Journal
    I use 7zip.
  • Re:NO! (Score:4, Informative)

    by dark-br ( 473115 ) on Wednesday August 08, 2007 @12:13PM (#20157897) Homepage
    It makes no difference if you password protect them or not, as to list the zip file content no password is needed. You only need the password to correctly extract the files.

    I've just switched to using RAR and as for now Google is leaving my attachments alone...

    M Addario
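
The point made in this sub-thread, that entry names in a password-protected ZIP can be listed without the password, is what lets a mail gateway keep applying an extension policy to such attachments. The sketch below is an added example, not code from the thread or from any mail product; the function names, the extension list and the sample archives are constructed, and the encryption flag is set by hand because Python's `zipfile` cannot write encrypted archives.

```python
import io
import struct
import zipfile

# Extensions treated as executable by this example's policy (an assumption;
# a real MTA policy list is longer).
BLOCKED_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat")
ENCRYPTED_FLAG = 0x0001  # general-purpose bit 0 in the ZIP headers


def build_sample_zip(name: str, encrypted: bool) -> bytes:
    """Constructed sample: one-entry ZIP, optionally marked as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, b"constructed placeholder bytes")
    data = bytearray(buf.getvalue())
    if encrypted:
        # The standard library cannot write encrypted archives, so set the
        # flag bit by hand in the local (PK\x03\x04) and central (PK\x01\x02)
        # headers. The payload itself is not really encrypted.
        for sig, flag_off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = data.find(sig) + flag_off
            flags = struct.unpack_from("<H", data, pos)[0] | ENCRYPTED_FLAG
            struct.pack_into("<H", data, pos, flags)
    return bytes(data)


def inspect_attachment(raw: bytes) -> dict:
    """List entry names without a password and apply the extension policy."""
    with zipfile.ZipFile(io.BytesIO(raw)) as zf:
        entries = zf.infolist()  # read from the unencrypted central directory
        names = [e.filename for e in entries]
        encrypted = any(e.flag_bits & ENCRYPTED_FLAG for e in entries)
    blocked = [n for n in names if n.lower().endswith(BLOCKED_EXTENSIONS)]
    return {"names": names, "encrypted": encrypted, "blocked": blocked}


if __name__ == "__main__":
    for fname, enc in (("Flash Postcard.exe", True), ("notes.txt", False)):
        print(inspect_attachment(build_sample_zip(fname, enc)))
```

Reading the entry's contents from the flagged archive still fails without a password; only the listing is available to the filter.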

  • Re:NO! (Score:2, Informative)

    by ^Case^ ( 135042 ) on Wednesday August 08, 2007 @01:02PM (#20158697)
    Make a "package" make target that copies all relevant files into a package directory, zips the directory and ships off the mail. If you're using OS X or another un*x variant you can do all this with a single make target.

    Why you aren't using version control is another question.
  • by jpop32 ( 596022 ) on Wednesday August 08, 2007 @01:24PM (#20159077)
    If they can't find a way to reach customers and get them fixes for the rampant insecurity of these machines that are compromised.

    WTF are you talking about? RTFA, please. If you actually did that before funboying around, you'd notice that the program in question is not a worm at all, but a trojan. User has to manually run the attachment, probably clicking through a couple of dialogs practically begging him not to. But, since the user really, really _wants_ to see the cute kittens, or a naked celebrity, or whatever the trojan claims to be, trojan will be run. No OS can defend against the user being a sucker.

    So, move along, please. Your tirade is totally off topic here.

  • by NickFortune ( 613926 ) on Wednesday August 08, 2007 @05:02PM (#20162359) Homepage Journal

    None of those things are with Windows itself though.

    No, but they are Microsoft though - which is what I said in the first place.

    Annoyances.org isn't the collection of old ladies you discussed

    You're right, I just used it as a loose example. I'd be more specific about the complaints, but I wasn't expecting a test, and I forgot to make notes. All I can do is report what I remember from the show.

    I'm willing to bet quite a bit of /.ers post over there, so I doubt it's unbiased.

    meh. It's a support forum, not an advocacy site. It's not so much "Microsoft sucks" as "what do I do when the registry fills up?". You don't get a lot of penguin heads there because... well, because we all use Linux and it's a windows support forum.

    Annoying things are hardly a reason to HATE MS though.

    Hatred isn't a rational act, though, is it? I mean, most people don't wake up in the morning and say "now who shall I hate today? Who is the most rational target for my hatred?". It's not like that. On the other hand, there's no shortage of people who think "if that computer crashes and loses my document one more time today, it's going through that window..." My point is that a lot of the things I heard cited as inspiring this hatred were typical MS grumbling points.

    And if it's a good enough reason to hate computers, it's good enough to hate Microsoft. It's just a question of education ;)

    I'd also have to think that the group would find a whole new slew of annoyances with Linux as well.

    Oh quite possibly, although the latest Ubuntu is getting very good in that respect. But they'd be spared the malware, and the viruses and the worms... which is the starting point for this discussion.

    (does YouTube work w/Linux?).

    Yes, perfectly. At least since flash 9 was released for Linux.

  • Re:Vigilante worms (Score:2, Informative)

    by mjwx ( 966435 ) on Wednesday August 08, 2007 @11:32PM (#20165557)
    The idea has been put forward and dismissed a number of times. The virii are either too ineffective or (unintentionally) destructive on their own.
  • by pgn674 ( 995941 ) on Thursday August 09, 2007 @03:35PM (#20173747) Homepage
    Here's a notice to the education sector and what the Storm Worm can mean to universities: http://listserv.educause.edu/cgi-bin/wa.exe?A2=ind0708&L=cio&T=0&F=&S=&P=4540 [educause.edu]
