Storm Worm More Powerful Than Top Supercomputers 390
Stony Stevenson writes to mention that some security researchers are claiming that the Storm Worm has grown so massive that it could rival the world's top supercomputers in terms of raw power. "Sergeant said researchers at MessageLabs see about 2 million different computers in the botnet sending out spam on any given day, and he adds that he estimates the botnet generally is operating at about 10 percent of capacity. 'We've seen spikes where the owner is experimenting with something and those spikes are usually five to 10 times what we normally see,' he said, noting he suspects the botnet could be as large as 50 million computers. 'That means they can turn on the taps whenever they want to.'"
STILL NOT A WORM (Score:5, Informative)
d8" "8b
Y8, 88 88 88 88 `8b 88 88
`Y8aaaaa, MM88MMM 88 88 88 88 `8b 88 ,adPPYba, MM88MMM
`"""""8b, 88 88 88 88 88 `8b 88 a8" "8a 88
`8b 88 88 88 88 88 `8b 88 8b d8 88
Y8a a8P 88, 88 88 88 88 `8888 "8a, ,a8" 88,
"Y88888P" "Y888 88 88 88 88 `888 `"YbbdP"' "Y888
db
d88b
d8'`8b
d8' `8b
d8YaaaaY8b
d8""""""""8b
d8' `8b
d8' `8b
I8, 8
`8b d8b d8'
"8, ,8"8, ,8"
Y8 8P Y8 8P ,adPPYba, 8b,dPPYba, 88,dPYba,,adPYba,
`8b d8' `8b d8' a8" "8a 88P' "Y8 88P' "88" "8a
`8a a8' `8a a8' 8b d8 88 88 88 88
`8a8' `8a8' "8a, ,a8" 88 88 88 88
`8' `8' `"YbbdP"' 88 88 88 88
Yes, nasty ASCII art.
Just in case you hadn't guessed (which it appears that the meeedia has not) - This Is A Trojan. Which means that it's Powered By Stupid People (tm). A worm would be Powered By Stupid Programmers (tm).
The Storm Worm is in fact already defined - It was an IIS worm. Please, feel free to look at the reputable AV lists.
Re:Co-opt it.. remove it. (Score:4, Informative)
Of course, this is just a guess.
Re:Co-opt it.. remove it. (Score:3, Informative)
Re:Microsoft can help, but isn't (Score:2, Informative)
Re:STILL NOT A WORM (Score:5, Informative)
gives you some information on how it operates (as of 2/07, and the names of the executables you had to click on to infect yourself have probably changed since then)
The original storm.worm (2001) attacked unpatched MS IIS servers, and actually was a worm.
http://www.securiteam.com/securitynews/5DP0B0K4KG
How this got so large is a pretty sad commentary. First off, it's proof that people will still click on attachments without verifying whether they're legitimate. I'm not convinced that any amount of training will ever stop this behavior. It hasn't worked over the *last* ten years, at any rate. Second, several virus scanners would have detected it, if they'd been kept updated. Thirdly, I've seen this running from within a couple of corporate LANs, which implies that even corporations don't always keep anti-virus software up to date, or monitor for P2P traffic, which IMO should very seldom be allowed on a corporate network.