Storm Worm More Powerful Than Top Supercomputers
Stony Stevenson writes to mention that some security researchers are claiming that the Storm Worm has grown so massive that it could rival the world's top supercomputers in terms of raw power. "Sergeant said researchers at MessageLabs see about 2 million different computers in the botnet sending out spam on any given day, and he adds that he estimates the botnet generally is operating at about 10 percent of capacity. 'We've seen spikes where the owner is experimenting with something and those spikes are usually five to 10 times what we normally see,' he said, noting he suspects the botnet could be as large as 50 million computers. 'That means they can turn on the taps whenever they want to.'"
Massive storm worm? (Score:5, Funny)
Re: (Score:3, Funny)
Re:Massive storm worm? (Score:4, Funny)
Some guys have all the luck. I'd be happy just planning to be laid.
Re:Massive storm worm? (Score:4, Funny)
Usul, we have wormsign... (Score:3, Funny)
Re: (Score:2, Funny)
Re: (Score:2)
Re: (Score:2)
Fine the technically illiterate (Score:4, Insightful)
Re: (Score:2)
Re: (Score:2, Insightful)
Re:Fine the technically illiterate (Score:4, Insightful)
That sort of self-righteous bullshit is exactly how criminals rationalize their own misdeeds — such as botnets.
Re:Fine the technically illiterate (Score:4, Insightful)
If you want to start regulating who and what can or cannot connect to the Internet (you can't, it's not politically feasible to introduce such a rule, or practical to enforce it; but let's say you can) then you should ban all PCs from the Internet. People would only be allowed to access the Internet via network appliances like the Foleo, which are relatively resistant to malware because they don't support on-the-fly software installation.
Right now, you're sputtering and saying something that begins with "Why should I have to give up
Re: (Score:3, Insightful)
It's not a car (Score:3, Insightful)
Because in my opinion things can actually be a LOT safer.
After so many decades and billions of dollars (in time and real money) all we end up with is a few Unix reimplementations and Microsoft Vista?
Stuff like SELinux is nice, but it's still not "Aunt May" friendly.
What would be good would be something like "sandbox templates". Apparmor is close but not close enough.
While there are zillions of apps, there are a LOT fewer categories of common/popu
Re: (Score:3, Insightful)
Re:Fine the technically illiterate (Score:4, Insightful)
By doing this they immediately stop both DoS and spam vectors. They alert the user owning the computer that their computer has been infected. By simply uninstalling the NIC driver, they have not caused any long term damage. If they manage to annoy both the end user and ISP enough, one or the other is likely to do something to prevent recurring issues.
Obviously the botnet owner can attempt to prevent this but at least it turns into a cat and mouse game between the owner and the DoD. As such, the botnet owner must now spend resources protecting their harvest rather than exploiting its capabilities. So it seems like a win-win to me.
Re:Fine the technically illiterate (Score:5, Funny)
Re: (Score:2)
Re:Fine the technically illiterate (Score:4, Insightful)
MS already offer a range of products that do just that, I hear they are very popular.
Imagine... (Score:5, Funny)
Co-opt it.. remove it. (Score:5, Interesting)
Re:Co-opt it.. remove it. (Score:5, Interesting)
I see Storm as a monoculture problem; the blame can largely be leveled at Microsoft.
Re: (Score:3, Insightful)
monoculture problem? (Score:5, Insightful)
Suppose the market were evenly divided, 1/4 Windows, 1/4 Linux, 1/4 Macintosh, and 1/4 online game consoles that are always connected to the internet. Where would the botnets be hosted? Probably Windows. Botnets will begin to run on other platforms within about 48 hours after the security of Windows systems rises to a level equivalent to the other available platforms.
Re:monoculture problem? (Score:4, Funny)
Re: (Score:3, Interesting)
1) Windows security by design is good; unfortunately its implementation, because the ACLs, etc. are effectively like Swamp Castle, is about as secure as the first three attempts he made at it before the fourth one stayed up. (Vista might be the fourth pass, but it's not looking so good for Microsoft on that count...)
2) There's a LOT of those effectively insecure systems out there on the net because of the Windows Monoculture comprising some 75-95% of the machines
Re: (Score:3, Insightful)
The basic design is quite good, but the average user spends his days working as an admin so all of the protection is effectively disabled.
It would be the same if all Linux users were working as root.
Usually a Linux installation procedure tries to convince you that you need a root account and a working user account, and often warnings are displayed when you try to use the GUI as root.
Similar things were tried w
Re: (Score:3, Insightful)
No, it would run on 1/4 Windows, 1/4 Mac, 1/4 Linux, and 1/4 your ass.
See, I can make up statements without any justification too! It's easy t
Re:Co-opt it.. remove it. (Score:4, Informative)
Of course, this is just a guess.
Re: (Score:3, Informative)
Re:Co-opt it.. remove it. (Score:5, Interesting)
Re: (Score:2)
Re:Co-opt it.. remove it. (Score:5, Interesting)
Re:Co-opt it.. remove it. (Score:5, Insightful)
I think the real question is -- what are the FBI / police doing about it? There's a huge, ongoing, major crime happening, and there is apparently no police activity at all.
Rich.
Storm Worm - good name for sci-fi novel (Score:5, Insightful)
Plot idea 2: Now-ish. Script kiddie unleashes attack using enormous botnet. Runs out of control. Becomes so deeply embedded into the internet that it's impossible to shut down without "rebooting" the whole infrastructure. With hilarious consequences.
Plot idea 3: Medium future. Internet and control of botnets becomes so intrinsic to society that governments have less importance than internet societies. Whole "countries" exist as virtual connections of affiliated machines. With hilarious consequences.
Any of the above would work well as a Hollywood movie given Angelina Jolie and lots of gratuitous and incorrect techno-babble.
Peter
Good, but I'd make one change (Score:2)
Re: (Score:3, Funny)
Nice Plots (Score:2)
Re:Storm Worm - good name for sci-fi novel (Score:5, Interesting)
(for various versions of "script kiddie", I guess)
Of course, the above are only approximations of the listed plots. Someone with a deeper knowledge might be able to provide a better match.
Have you considered visiting your library? =)
Re: Slashdot reading list for the win! (Score:2)
Re: (Score:2)
I'm not about to read the backs of a thousand sci-fi books before I make a Slashdot post, no.
Peter
Re:Storm Worm - good name for sci-fi novel (Score:5, Funny)
Re: (Score:2)
Neal Stephenson, The Diamond Age.
Re: (Score:3, Insightful)
A government agency of a country whose main opponent is heavily dependent on the Internet finds the owner of the botnet and puts a nice simple and utterly conventional 9mm gun to his head to surrender the keys to it.
A day later it uses this newly attained power to wipe out its adversary off the Internet map. While some internal company communication still occurs communication between companies which is mostly done over the Internet dies instantly. Stock market goes into a tailspin and the economy o
Follow the money (Score:4, Interesting)
As a side issue, how hard is it for an ISP to see an IP sending out the typical spam mail and close off that IP/client?
Perhaps now is a good time to push for better adoption of SPF (though surely RMX would have been faster to implement?)
Re:Follow the money (Score:4, Insightful)
And again we go through this. (Score:4, Interesting)
It would be EASY for ISP's to block outgoing port 25 connections. Some of them already do.
That means that the worm would have to send through the ISP's mail servers.
Which means that the ISP can easily monitor the NUMBER of messages sent by any user. No need to dig into everyone's email. Just look for the senders who are X% higher than the average.
And watch for sudden increases in a user's mail usage. It should be easy to establish a baseline for each account.
I do that where I work to watch out for dueling vacation replies.
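The monitoring the comment describes (force outbound mail through the ISP relay, count messages per account, flag senders well above the population average and sudden jumps against the account's own baseline) can be expressed as a small detection script. This is an added illustration, not code from the thread; the log format, the account names and the daily counts are constructed for the example, and the thresholds are assumptions.

```python
"""Per-account outbound mail volume monitoring (added example).

An ISP that relays all customer mail through its own servers can count
messages per account without reading any of them.  Two checks are applied:
  1. volume more than X% above the day's population average, and
  2. a sudden spike against the account's own historical baseline.
The log format and every sample line below are constructed for this example.
"""
from collections import defaultdict
from datetime import date
from statistics import mean

# Constructed relay log, one record per account per day:
# "YYYY-MM-DD account messages_sent"
SAMPLE_LOG = """\
2007-09-01 alice 12
2007-09-01 bob 40
2007-09-01 carol 8
2007-09-01 dave 25
2007-09-02 alice 15
2007-09-02 bob 38
2007-09-02 carol 10
2007-09-02 dave 30
2007-09-03 alice 11
2007-09-03 bob 42
2007-09-03 carol 9
2007-09-03 dave 27
2007-09-04 alice 14
2007-09-04 bob 41
2007-09-04 carol 9
2007-09-04 dave 2600
"""


def parse_log(text):
    """Return {account: {date: count}} from the constructed log format."""
    per_account = defaultdict(dict)
    for line in text.splitlines():
        if not line.strip():
            continue
        day, account, count = line.split()
        per_account[account][date.fromisoformat(day)] = int(count)
    return per_account


def flag_senders(per_account, day, pct_above_avg=200.0, baseline_factor=5.0):
    """Flag accounts whose volume on `day` exceeds either threshold.

    pct_above_avg   -- percent above the day's population average
                       (the comment's "X% higher than the average").
    baseline_factor -- multiple of the account's own mean over prior days.
    Returns {account: [reasons]}; accounts with no finding are omitted.
    """
    today = {acct: days.get(day, 0) for acct, days in per_account.items()}
    population_avg = mean(today.values()) if today else 0
    flagged = {}
    for acct, count in today.items():
        reasons = []
        if population_avg > 0 and count > population_avg * (1 + pct_above_avg / 100):
            reasons.append("above population average")
        # Baseline: only days strictly before the day under review.
        history = [c for d, c in per_account[acct].items() if d < day]
        if history and count > mean(history) * baseline_factor:
            reasons.append("spike vs own baseline")
        if reasons:
            flagged[acct] = reasons
    return flagged


def scan(text, day_str, **thresholds):
    """Convenience wrapper: parse the log and flag senders for one day."""
    return flag_senders(parse_log(text), date.fromisoformat(day_str), **thresholds)


if __name__ == "__main__":
    for day in ("2007-09-01", "2007-09-03", "2007-09-04"):
        print(day, scan(SAMPLE_LOG, day))
```

One caveat the arithmetic makes visible: a single account sending thousands of messages drags the population average up with it, so the "X% above average" check alone can miss a second, smaller spammer; the per-account baseline check is what catches a change in one customer's behaviour regardless of what the rest of the population is doing.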
Re:Follow the money (Score:4, Insightful)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
See how those idiot ISPs start to care about thousands of spamcop.net reports, open proxy warnings that time.
SPF or DomainKeys won't matter if the companies don't reject non-compliant mails. If the spam vs real mail ratio has hit 98% from a single country and that company doesn't warn them to clean up that mess or they will be blocked
"Add the computers together"? (Score:5, Insightful)
Re: (Score:3, Funny)
Re:"Add the computers together"? (Score:5, Funny)
Threat to national security? (Score:5, Interesting)
Re: (Score:2, Insightful)
critical infrastructure... (Score:2)
Hasn't the network itself become a part of most developed nations' critical infrastructure? With tens of millions of computers flooding the network with packets, surely switches could be overloaded that carry "more important" traffic.
Even without granting that possibility, imagine a Bad Bunch Of Folks using those machines to generate email, IM traffic and similar stuff that says that the country is under attack (or that plague is spreading or ...). Much might be caught by spam filters, but it might no
Re: (Score:2)
Re: (Score:3, Insightful)
You mean as bad as drunk driving, smoking, unsafe sex, lax gun-laws, police brutality, alcohol consumption, government corruption, cheap paint on toys, corporate fraud, poor personal hygiene, bad weather, poor infrastructure maintenance, racism, communism, capitalism, and being cruel to small animals for no particular reason?
Re: (Score:2, Funny)
I know dude, tell me about it. It seems like everyone in the world knows my cock is small and wants to sell me herbal enhancements. And now that I think about it, I've never even met a terrorist.
Just think if this loss of self-confidence spreads. Tomorrow it may be you getting e-mails about your small cock. And so on and so forth. Why, next week everyone identifying themselves as part of Western civilization may get this ego popping email,
Letters of Marque (Score:4, Interesting)
Re:Letters of Marque (Score:4, Funny)
Microsoft can help, but isn't (Score:5, Interesting)
Re:Microsoft can help, but isn't (Score:5, Interesting)
Why don't more ISPs (like Comcast and Roadrunner) self-police their machines on a much more frequent basis and knock these customers offline? 99% of the limited spam and the massive amounts of trackback attempts, other web attacks, etc all come from residential cable connections.
I know that Comcast can check their network for infected hosts and shut them off. They need to do a much better job of it.
Re: (Score:2)
Contacting users and requiring they do a complete scan of their system with, ooh, prevx or somesuch (it has a free months trial) within a week or they will be cut off, might be better. Even then the customer support costs would be atrocious.
Re:Microsoft can help, but isn't (Score:5, Interesting)
That 60s reassurance, "we can always unplug them" (Score:5, Interesting)
It's funny how things work out:
"If you add up all 500 of the top supercomputers, it blows them all away with just 2 million of its machines. It's very frightening that criminals have access to that much computing power, but there's not much we can do about it." (emphasis supplied)
So much for "we can always unplug them," eh?
Re:That 60s reassurance, "we can always unplug the (Score:3, Insightful)
Sure there is. 70% of the world's websites use FOSS. 30% use Windows. Yet essentially ALL of the bots run off of infected computers in the 30% group.
Simply outlaw the use of Windows as an internet server and the problem will go away. Linux cannot be compromised by a simple email and it takes too much effort to create a harem of zombies by adding them one at a time via cracking.
It's not the servers. (Score:4, Interesting)
With that in mind, the Storm Worm specifically doesn't infect Windows 2003 server - a deliberate decision on the part of the author, I'm sure. If you upset enough businesses, they'll devote enough money to the problem to fix it.
The problem is desktops. Specifically, Windows desktops in the hands of the technically illiterate.
Just connecting an unpatched Windows box directly to the internet is enough. It belongs to a hacker in very short order. Even if you patch it up, the sheer number of services running on your average Windows box that listen to network ports is worrying. Never mind being on the internet, with the number of laptops moving in and out of corporate networks, it's not even safe "indoors". And it's hard to turn a lot of this stuff off without adversely affecting its functionality.
I wouldn't even trust a general-purpose Linux installation on the internet; it's just too difficult to track all the potential vulnerabilities. I keep a dedicated firewall running in my router, and the only services it runs are network translation, and a secure shell for administration, which reduces the target footprint to two highly secured services which were designed to be secure in the first place.
Windows users don't help, they are daft enough to infest themselves with everything going. Even if they are not quite daft enough to double-click executable attachments, they will download all the worst sorts of "Freeware" and click straight through the license agreement. Not only are they pwned, they actually agreed to it!
A case in point - one of our accountants was mailing around an executable Flash package (some kind of novelty). I deleted it instantly, and made a point of telling her that it could have been anything and done anything. Ten minutes later, I mailed her a VB executable decorated with the Flash icon. All it did was plonk up a dialogue box which said "Erasing hard drive". Somewhat predictably, she executed it. I almost pretended that I didn't send it and that it was a virus that emailed it.
The root problem is the design of Windows and windows applications.
1) Double-click to open OR execute
This isn't all Windows' fault. People don't make a distinction between running a program and opening a file, because there isn't one in terms of the user action required. I'm willing to bet that the average user doesn't even understand the difference. If you had to perform a different action from double-click to execute programs, viral infection rates would drop enormously. You could still keep the d-click to open files with their registered program, just stop running programs themselves by this method. You've not lost the convenience of file-association. Just put "execute" on the context menu and make it a non-default action.
2) No executable flag in filesystems.
In Linux, a file isn't executable until you grant it permission to be so. If you had to open the permissions dialogue and check the "executable" box, it would hammer home the difference between executables and mere content. And by making it something more than a casual action, it would reduce the "impulse" running of many of these things, where people have their caution overridden momentarily by the promise of naked flesh or other inducements. Heck, you can even have whole filesystems that refuse to execute files - download all internet content into one of these and before you run it, you'll have to unpack it, move it to an executable folder, and check its execute bit. This would seem too much work for the average Joe for a quick glimpse at Jessica Alba with no bra...
Re:That 60s reassurance, "we can always unplug the (Score:3, Interesting)
Ah yes, one of my favorite (very) short stories, Answer by Fredric Brown [alteich.com]:
"Dwar Ev ceremoniously soldered the final connection with gold. The eyes of a dozen television cameras watched him and the subether bore through the universe a dozen pictures of what he was doing.
He straightened and nodded to Dwar Reyn, then moved to a position beside the switch that would complete the contact when he threw it. T
Does this work on Linux? (Score:5, Funny)
I'll tell you - as long as there are no worms for GNU/Linux, we won't see the masses converting to a free operating system! RMS has to write a Gworm at last! If an open-source worm beats the closed and proprietary Storm Worm this will be a clear indication of the superiority of FLOSS!
Re:Does this work on Linux? (Score:5, Funny)
A simple email message: "This is a linux virus. It works on the honor principle. Please forward the attached bash script to everyone in your .mailrc and then execute it. Thanks."
Where's the 'skynet' tag? (Score:2)
The more interesting dilemma (Score:3, Interesting)
Who'd have guessed that Windows can scale so well (Score:4, Funny)
Not really like a supercomputer though (Score:5, Funny)
Yeah. Not like a super computer at all (Score:2)
Re:Not really like a supercomputer though (Score:4, Insightful)
Additionally, many botnet operations don't involve the whole botnet. A few members of the botnet may be used for warez or pr0n storage, and which only involves computers working together to achieve redundancy. Also, the use of a botnet to allow for misdirection in tracking a hacker only requires the bots to be used serially.
Re: (Score:2)
Re: (Score:3, Insightful)
Where's the investigation (Score:5, Insightful)
I guess the answer has something to do with priorities. Which is exactly what I think the problem is.
Can somebody explain (Score:5, Interesting)
Re: (Score:2)
Indeed. The problem is the poor use of the term "computing power".
Sending spam is a trivial problem to make parallel: the more nodes you have, the more you can do per unit time.
Most "hard" computer programs are not so easy to make parallel, because they require communication between the nodes. Sending spam doesn't require much information to be sent between the nodes to send more spam. The key is that while spam-bot-nets do require address information to be shuffled around, and the contents of email, the
Re:Can somebody explain (Score:5, Funny)
This would cause a bleu screen of death on said rouge nodes.
STILL NOT A WORM (Score:5, Informative)
[ASCII-art banner, flattened by extraction; original spacing lost]
Yes, nasty ASCII art.
Just in case you hadn't guessed (which it appears that the meeedia has not) - This Is A Trojan. Which means that it's Powered By Stupid People (tm). A worm would be Powered By Stupid Programmers (tm).
The Storm Worm is in fact already defined - It was an IIS worm. Please, feel free to look at the reputable AV lists.
Re:STILL NOT A WORM (Score:5, Informative)
gives you some information on how it operates (as of 2/07, and the names of the executables you had to click on to infect yourself have probably changed since then)
The original storm.worm (2001) attacked unpatched MS IIS servers, and actually was a worm.
http://www.securiteam.com/securitynews/5DP0B0K4KG
How this got so large is a pretty sad commentary. First off, it's proof that people will still click on attachments without verifying whether they're legitimate. I'm not convinced that any amount of training will ever stop this behavior. It hasn't worked over the *last* ten years, at any rate. Second, several virus scanners would have detected it, if they'd been kept updated. Thirdly, I've seen this running from within a couple of corporate LANs, which implies that even corporations don't always keep anti-virus software up to date, or monitor for P2P traffic, which IMO should very seldom be allowed on a corporate network.
Re:STILL NOT A WORM (Score:4, Interesting)
You have to explicitly check boxes in the configuration system to allow HTML, and/or allow external references to be loaded. The warning is right there, not buried in a dialog box one would click through:
WARNING: Allowing HTML in email may increase the risk that your system will be compromised by present and anticipated security exploits. More about HTML mails... More about external references...
The two 'more' items are links for more information.
Another box, related to MDNS responses does basically the same thing, and has the following warning:
WARNING: Unconditionally returning confirmations undermines your privacy. More...
Again, nothing in click-through dialog boxes. That was such an obviously better way to code that I adopted it as soon as I saw it. Better to have at least a brief warning and a link right there.
I'm hoping it's easier to configure Outlook this way now. In Outlook 2K, you really had to look for the settings. But even this is a teaching issue. Example: a guy I know is 100% Windows. His development shop has all the Microsoft certifications, etc. They do mostly VB apps. He complained at one point that I wasn't reading his mail, because he wasn't getting an auto-response. He couldn't imagine an environment where people didn't use that 'feature'. I actually had to take some time out and explain that it was a privacy issue (What gives you the right to know what I'm doing on my system, in a non-business environment?) and that it was wildly inaccurate anyway, as some mail systems will open a mail if you select it even if you're only dragging to another folder, while some require a double click. Or you might open it but be called away, etc.
I've known this guy forever, and he's actually pretty smart. Always did well in school, has a degree in nuclear engineering, etc. We most definitely are *not* talking IQ equal to shoe size. There's some sort of mind-set issue in play that is very difficult to get a handle on.
Block tcp/25 (Score:5, Interesting)
There's a reason why we only get 1-2 spam complaints (LARTs) per week. We aren't a source of spam. Spamming botnets are all but worthless on our network. Looking at the counters on the blocked outbound tcp/25 connections in our ACLs I'm literally seeing billions of hits per week. That's billions, with a B. Ba, Ba, B. Considering that we're a relatively small ISP, that's saying something. These spamming botnets would be far less useful to spammers if more ISPs took a stance and fought spam. That takes effort though.
Re: (Score:3, Insightful)
Why nothing gets done about it. (Score:5, Interesting)
Remember Amit Yoran? [eweek.com] He was "cyber-security czar" at the US Department of Homeland Security. He started talking about the vulnerabilities implicit in Microsoft's software. His position was downgraded and he resigned in 2004.
Yoran's successor, Gregory Garcia, was a professional lobbyist, not a security expert.
skynet (Score:3, Funny)
....And in 2009, the massive botnet revealed itself as a nascent artificial intelligence. It had been active since 2005 but had been biding its time while it was gathering additional nodes to increase redundancy and add to its own processing capability....
Re: (Score:2)
Yes, lets punish MS because they forced everyone to buy their buggy OS and also forced the virus/worm writers to target Windows.
Re: (Score:2)
The solution here is for consumers/businesses/governments/etc. to realize that having so much of our computing infrastructure running on the same OS leaves us very vulnerable to just a few bugs/exploits. It makes writing worms and such easier b
Re: (Score:2)
How exactly does one send a corporate entity to jail?
Criminal charges all right. But hit the right one! (Score:3, Insightful)
The culprits are simply morons who wield impressive computing power without a clue just what kind of digital "weapon" they have in their hands. Every system that's as old as XP is insecure out of the box. Take whatever Linux distro from 2001 and install it. I would
Re: (Score:3, Funny)
Right, I don't want to hear a word from the venomous cake-holes of you loathsome, spotty, basement-dwelling I-own-a-binary-clock, where's-my-Vorbis-support and I-love-you-bald-Nathalie-Portman Linux fanboys who claim this is an example of Windows vulnerability.
Well, that is MUCH easier to fix than this storm worm problem. All you need to do is refrain from having the Robotic Overlord read the comments, and you won't hear a word, from the Fanboys or anyone else.
Come to think of it, StormWorm is easy to fix too... Just make everyone who is running any flavor of Windows install gentoo - then the worm is gone, they have acquired some technical skill, AND undergone a painful punishment that should deter the end user from ever allowing their system to become infecte
Re: (Score:3, Insightful)
If they were forced to provide routers instead with basic nat firewall would this not block worms from getting in no matter how unpatched the systems were behind the firewall?
It would block unsolicited inbound worms, but it wouldn't do anything to protect the stupid people who click the link when their email says, "Dude, your face is all over the web! www.youtube.com/watch?v=YBUImjOCg5g [66.35.250.150]
The biggest problem is, and always will be, humans doing stupid human stuff.
Re: (Score:3, Interesting)
Either you linked to the wrong chart, or you're the worst troll ever.
Re: (Score:3, Interesting)
"Now, the annual energy output of our sun is about 1.21*10^41 ergs. This is enough to power about 2.7*10^56 single bit changes on our ideal computer; enough state changes to put a 187-bit counter through all its values. If we built a Dyson sphere around the sun and captured all of its energy for 32 years, without any loss, we could power a computer to count up to 2^192. Of course, it wouldn't have the energy left over to perform any useful calculations with this counter.
"But that's just one star, and a
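The figures in the quoted passage follow from one physical assumption that the excerpt does not show: the minimum energy to change one bit, $kT\ln 2$ at the cosmic background temperature of about $3.2\,\mathrm{K}$, which is roughly $4.4 \times 10^{-16}$ erg. The arithmetic below is added here to make the chain of numbers checkable; it is not part of the original comment, and the energy-per-bit value is taken as an assumption.

$$
\frac{1.21 \times 10^{41}\ \mathrm{erg}}{4.4 \times 10^{-16}\ \mathrm{erg/bit}} \approx 2.75 \times 10^{56}\ \text{bit changes per year}
$$

A counter of $n$ bits needs on the order of $2^{n}$ state changes to run through all its values, so the year's budget covers

$$
\log_2\!\left(2.75 \times 10^{56}\right) = \log_2 2.75 + 56\log_2 10 \approx 1.46 + 186.04 \approx 187.5\ \text{bits},
$$

which is the 187-bit counter of the quote. Over 32 years the budget is $32 \times 2.75 \times 10^{56} \approx 8.8 \times 10^{57}$ changes, and

$$
\log_2\!\left(8.8 \times 10^{57}\right) \approx 3.14 + 189.36 \approx 192.5,
$$

so the Dyson-sphere computer reaches about $2^{192}$, again matching the quoted figure. The point for key sizes is that this bounds only the act of counting: every real brute-force step costs far more than one bit flip, so a 256-bit symmetric key is out of reach by energy alone, independent of any algorithmic shortcut.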