Storm Worm Strikes Back at Security Pros 371
alphadogg writes "The Storm worm, which some say is the world's biggest botnet despite waning in recent months, is now fighting back against security researchers that seek to destroy it and has them running scared, conference attendees in NYC heard this week. The worm can figure out which users are trying to probe its command-and-control servers, and it retaliates by launching DDoS attacks against them, shutting down their Internet access for days, says an IBM architect."
Who really knows (Score:4, Insightful)
Re:Contact the users (Score:5, Insightful)
Re:Who really knows (Score:5, Insightful)
Re:Contact the users (Score:0, Insightful)
Recommended: Learn to use your computer like a non-idiot.
Re:oh yeah, so scared (Score:5, Insightful)
Something tells me that your method won't work against Storm. This is due to the fact that if you tried such a stunt, it wouldn't be your PC that would be DoS'd, it would be the ISP's local NOC you were using to connect to the internet. If you forced a new DHCP reservation (all that an unplug/plug-in does), you'd end up with another IP address (if the DHCP server ever responded to your request) sitting on the same hardware that is being DoS'd by Storm.
What is needed to fight a botnet of this size is a distributed probe net, where if one node is taken out by the botnet, the rest of the cloud keeps on probing it. After all, even a large botnet can only DoS so many locations at a time.
A better solution might be to spoof the IP addresses of other members of the botnet, thereby making it DoS itself into submission.
Re:Who really knows (Score:4, Insightful)
Re:The Latest Bond Script (Score:5, Insightful)
Re:A very simple solution. (Score:4, Insightful)
Stop reading/watching Faux News et al. and get your damn facts straight.
People should be able to call themselves a hacker without fear of reprisal, for it's the hackers who will inevitably find many of the flaws in the world that the corporate greedmongers want hidden. I mean, who do you think are the people finding all of the buffer overflows, protocol mistakes, etc. in services you use on a daily basis? If hackers went away, companies could easily get away with insecure practices and bill however they feel like.
It's the people who stop questioning how the world works that should get a bitchslap upside the head.
Re:A very simple solution. (Score:5, Insightful)
Well, the death penalty has certainly stopped people from committing murder in the United States. I think you're on to something.
Use this against them. (Score:5, Insightful)
Re:Contact the users (Score:3, Insightful)
Not having any customers.
You're the type of person who gets looked at by their boss and told "This code is terrible, it is unbelievably user-unfriendly, and it barely even accomplishes the task required because you have implemented so many hoops that people have to jump over just to get anything done"
to which you respond:
"Well we should start requiring all of our receptionists to have degrees in computer science from now on!"
FAIL!
If you make your system so "secure" that even your own users can't use it... then you have basically just DoS'd yourself... = fail.
Re:Who really knows (Score:5, Insightful)
I only need to make sure I keep my copy of Stevens and Rago in good shape till then.
Naive (Score:4, Insightful)
Sure, you can find who is DDoS'ing you. You can then call the ISP/hosting company and complain. If they are in the US they will likely as not just tell you to get a court order. Outside the US they will laugh and suggest you bribe them. Either way, it is their customer's right to operate in whatever manner they choose. If they are presented with a valid court order from a court in their jurisdiction, they will quickly and efficiently comply. Otherwise, your complaint will go in the bit bucket.
Mostly the problem is that to a lot of ISPs their customer (and the revenue from that customer) is a whole lot more important than the negative effects their customer is having. Also, the customer may be Daddy and Sonny is the one causing all the trouble. Why would anyone want to offend bill-paying Daddy by cutting off service?
The problem here is that regardless of the problem - a botnet-infested computer, a script kiddie trying to break in, or some other mischief - if you let it go, it gets worse. Every time a script kiddie gets to feel that rush of excitement at breaking into some computer somewhere without any consequences, they get bolder. In the US it is not really possible to go after them until they run up at least $25,000 in damages. Because of this, you never hear about the high schooler getting in trouble because they defaced a web site. Instead you hear about someone who, after many years of mischief and mayhem, is being accused of causing $12,000,000 in damages computed in some creative manner to get the FBI's attention. There is never a thought of stopping this when the cost to everyone is minimal. Minimal doesn't get the FBI involved, and local law enforcement is utterly clueless.
Nobody is really going to get taken down for this unless they do something incredibly stupid. Sure, you can find an IP address but you can't get the customer unless the ISP wants to cooperate. Can you get a court order for the ISP to identify the owner of the account? Probably not without at least $25,000 in damages that you can claim. Even then all you have found is an infected computer that the owner doesn't know anything about.
Re:A very simple solution. (Score:5, Insightful)
string Hackers = "hardware hobbyists";
string Crackers = "Saltines, safe-crackers, computer-criminals";
...
Hackers = "computer-criminals";
Crackers = "Saltines";
Re:Wait a minute... (Score:2, Insightful)
Storm is an entirely new breed of beast: bots change locations and roles all the time. A zombie could be a spam relay today, a DDoS grunt tomorrow, a web server the day after that, and a CnC machine on Friday. Physically locating a CnC box tells you nothing; good job, you've located an infected box, and by the time you get your hands on it its role may have changed.
Re:oh yeah, so scared (Score:2, Insightful)
Re:Wait a minute... (Score:3, Insightful)
Governments are not interested in computer crime. They don't investigate it, they don't prosecute it (unless it's against them directly).
Re:Counter-DOS (Score:2, Insightful)
Re:Who really knows (Score:5, Insightful)
Now try to explain why the day after January 19th 2038 will be December 13th 1901.
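The comment above refers to the signed 32-bit time_t rollover: 2^31 - 1 seconds after the Unix epoch is 2038-01-19 03:14:07 UTC, and one second later a 32-bit counter wraps to -2^31, which is 1901-12-13 20:45:52 UTC. The program below is an added example, not code from the thread; it emulates a program that stores timestamps in a 32-bit time_t and decodes the wrapped value with standard C gmtime(). It assumes the host's own time_t is 64-bit and that unsigned-to-signed conversion is modular (true on every mainstream compiler and required since C23).

```c
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* Emulate a program that keeps timestamps in a signed 32-bit time_t:
 * the 64-bit value is truncated to 32 bits, so INT32_MAX + 1 becomes
 * INT32_MIN.  The unsigned->signed conversion is assumed modular. */
static int32_t time32_store(int64_t t) {
    return (int32_t)(uint32_t)t;
}

/* Break a timestamp into UTC calendar fields using standard C gmtime().
 * Assumes the host time_t is 64-bit so the full range is representable. */
static struct tm utc_of(int64_t t) {
    time_t tt = (time_t)t;
    struct tm out = {0};
    struct tm *p = gmtime(&tt);
    if (p) out = *p;
    return out;
}

/* Calendar fields of "one second past the 32-bit limit" as a program
 * using a 32-bit time_t would see them. */
static struct tm after_wrap(void) {
    int64_t wrapped = time32_store((int64_t)INT32_MAX + 1);
    return utc_of(wrapped);
}

static void print_utc(const char *label, struct tm tm) {
    printf("%s %04d-%02d-%02d %02d:%02d:%02d UTC\n", label,
           tm.tm_year + 1900, tm.tm_mon + 1, tm.tm_mday,
           tm.tm_hour, tm.tm_min, tm.tm_sec);
}

int main(void) {
    print_utc("last valid 32-bit instant:", utc_of(INT32_MAX));
    print_utc("one second later, wrapped: ", after_wrap());
    return 0;
}
```

Any binary that still stores time_t, file timestamps or certificate validity periods in a 32-bit field will make the same jump; the same truncation also affects comparisons such as "has this token expired yet", which is why the bug matters for security code and not only for calendars.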
Re:Contact the users (Score:4, Insightful)