Anti-Scammers Become Storm Botnet Victims
capnkr writes "It looks like the efforts of the anti-scammers at sites like 419eater, Scamwarners, Artists Against 419, and possibly others have become the target of the Storm botnet.
Spamnation has a post about it, and as of this writing none of the above listed sites are responding. Spamnation reports that CastleCops and other anti-spam forums are being DDoSed as well. Sounds like a massive, concerted effort against the folks who are fighting the good fight.
Although I hate it for the owners and admins of the above sites, I think it shows without a doubt that their efforts to 'get back' at the scammers are working."
The counter-solution (Score:3, Interesting)
Re:craigslist scammers (Score:4, Interesting)
Re:Grey Hat solution (Score:4, Interesting)
50M dead HDDs would be fun in the oldschool spirit and at the same time would generate enough of a fuss for people to start actually caring about security.
How do you explain this to the average joe? (Score:5, Interesting)
I told my oldest son about this botnet yesterday, mentioning that with between 2 million and 20 million CPUs working at any one time, and even that larger figure likely representing only a fraction of the botnet's total capacity, it collectively represented the most powerful supercomputer ever built... and it was effectively under the control of a small group of people with criminal intent - the author, or authors, of the worm. My son responded to me with a great deal of scepticism, first saying that none of these security experts who have made this analysis have any way to estimate what sort of computing power military organizations might have, so saying that it represented the most powerful supercomputer ever was actually a completely meaningless claim, and also, he proclaimed that the story was most probably just hype and overexaggerated. He said that the claim of the most powerful supercomputer ever being controlled by criminals was simply too much to be believable, like the headlines one might see on the front page of the Weekly World News tabloid. He also said that it was ludicrous to see how sending people "penis extension ads" (which is about all he figures a botnet can do) can actually seriously harm anything or anyone.
So this got me to wondering... how much of this actually _is_ something that is of any real concern, and if it really is, how could it be explained to people in such a way that it's not going to sound like some claim from a conspiracy theorist?
size (Score:2, Interesting)
Is the size of the Storm network large enough to hold a really big player hostage? Could they, e.g., DDoS Microsoft's update portal? Or Google's homepage? Either for ransom or without?
Could they cripple other internet backbone infrastructure stuff, and thereby hold the nation's entire computer infrastructure hostage?
As TFA mentions, a DDoS attack is more expensive for the customer of the botnetters, as it is easier to detect and stop at the ISP level, so I wonder if those attacks are really feasible, or if it'd just mean that everyone that's infected loses internet access until they get cleaned up. Which might not be such a bad thing.
But, in short, is the Storm Botnet an actual national security threat? Could a foreign power commission it to do the US computing infrastructure grievous harm; but could it be stopped if the DHS etc took protective action at the ISP level?
Re:Possible solution: treat computers like a car (Score:2, Interesting)
We also have intrusion protection at all of our border routers, that scans incoming and outgoing traffic. Our traffic wipes its feet before going out to the internet, if you know what I mean.
We also have a service plan for customers that covers all labor for anything they need done to their computer systems. So, if we detect that they are sending out viruses or spam (or both), we give them a call, pick up their PC, clean it, and return it to them at no additional charge.
The benefits of this program have been measured in lower support calls from customers, a cleaner internal network, more bandwidth available to everyone, and customers who no longer have to spend hundreds of dollars at a brick and mortar computer store to have their systems cleaned up and repaired. We are proactive in protecting the rest of the internet from whatever someone brought home from work (or any other network) on a laptop.
It's a hell of a lot of work, and a lot of money invested in hardware-based IPS/Anti-SPAM/Anti-virus detection and prevention. But, it's an end-to-end service that rivals no other ISP that I know of.
We advertise by word of mouth, BTW, and will break 5000 customers by summer of next year. People on our system love this stuff!
Re:Solution??? (Score:4, Interesting)
By the way, the download in Ubuntu asking where to save it has a cancel button. I didn't download it to get a filesize. Sorry.
I know I am not sending any extra data as part of this bot simply because my network switch sits right under my monitor. There is no unusual traffic here. I think everyone should be constantly monitoring their network traffic.
Maybe MS and Ubuntu can make a traffic monitor that sits on the desktop by default. I know most people would ignore it thinking it is Limewire or Torrent traffic.
Re:The counter-solution (Score:3, Interesting)
What on earth makes you think people like Microsoft and Google don't get hit by these people?
I have no data you don't, but I'd be amazed if no-one has ever threatened the richest IT companies in the world with outages if they don't pay up.
Re:Solution??? (Score:3, Interesting)
Re:Grey Hat solution (Score:3, Interesting)
Re:Solution??? (Score:2, Interesting)
Ya DHS are morons (Score:4, Interesting)
Well if you've got people like that advising you, I'm going to guess the technical conclusions you come to are probably not going to be the correct ones.
The final straw. (Score:2, Interesting)
Re:More than just DDoS (Score:2, Interesting)
Re:somebody needs to stop... (Score:2, Interesting)
As for your second point, don't be a troll. All software has bugs, Microsoft is no different. If you bothered reading about this at all, you'd realize that most anti-virus products will detect and remove this worm. The people who are running Windows without an anti-virus program are the same people who don't install Windows updates (and the ones who ran 'game1.exe' from a random email). If Microsoft could create an 'ultimate patch' that would make Windows completely secure (stop laughing, there's a point to this), do you really think everyone would install it? There would still be worms and viruses, they'd just target the unpatched systems and prey on people who don't know enough about computer security.
Re:Grey Hat solution (Score:2, Interesting)
The only way to counter such a worm is to perform active scanning, even if it floods the networks. Of course, a gray hat designer would prefer a flooded network over a botnet - per minimal collateral damage guidelines.