| |
| |||||||
| Register | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
| DDOS & Spam Attacks - Strom Worm Botnets and Zombie Computers How save are you online? How save is your computer? This forum will focus on the treats that botnets pose. We see this as an IMMINENT DANGER |
 |
| | LinkBack | Thread Tools | Rate Thread | Display Modes |
|
#1
11-10-07, 10:55 PM
| ||||
| ||||
Storm Worm Strikes Back The Storm worm is fighting back against security researchers that seek to destroy it and has them running scared, Interop New York show attendees heard Tuesday.The worm can figure out which users are trying to probe its command-and-control servers, and it retaliates by launching DDoS attacks against them, shutting down their Internet access for days, says Josh Korman, host-protection architect for IBM/ISS, who led a session on network threats. "As you try to investigate [Storm], it knows, and it punishes," he says. "It fights back." As a result, researchers who have managed to glean facts about the worm are reluctant to publish their findings. "They're afraid. I've never seen this before," Korman says. "They find these things but never say anything about them." And not without good reason, he says. Some who have managed to reverse engineer Storm in an effort to figure out how to thwart it have suffered DDoS attacks that have knocked them off the Internet for days, he says. As researchers test their versions of Storm by connecting to Storm command-and-control servers, the servers seem to recognize these attempts as threatening. Then either the worm itself or the people behind it seem to knock them off the Internet by flooding them with traffic from Storm's botnet, Korman says. A recently discovered capability of Storm is its ability to interrupt applications as they boot up and either shut them down or allow them to appear to boot, but disable them. Users will see that, say, antivirus is turned on, but it isn't scan for viruses, or as Korman puts it, it is brain-dead. "It's running, but it's not doing anything. You can brain-dead anything," he says. The worm has created a botnet of slave machines whose latent size and power is unknown. The number of infected machines available to launch spam and DoS attacks is estimated from hundreds of thousands to 50 million. Korman says he believes it's between 6 million and 15 million. One intimidating aspect of the botnet the worm commands is that it is used infrequently, indicating that it is for sale or lease to what he terms "profit nation" -- computer hackers who do their work for money not fame. The potential exists for the botnet to be used by political entities for cyberterror attacks, he says. "It's getting more serious the more I look at it," Korman says. "I'm more concerned not so much about where Storm is today, but where it's going." Still, the power of Storm, also known as Peacomm, is still hotly debated. Earlier this week another expert said the worm had pretty much run its course and was subsiding. For more information about enterprise networking, go to NetworkWorld. Story copyright 2007 Network World Inc. All rights reserved. PC World - Storm Worm Strikes Back
__________________  Last edited by ScamBuster; 11-11-07 at 02:03 PM.      |
|
#2
11-10-07, 10:58 PM
| ||||
| ||||
Storm Worm Retaliates Against Security Researchers Nasty squall By John Leyden → More by this author Published Thursday 25th October 2007 13:58 GMT Download free whitepaper - NetApp Technical Case Study New features of botnets created by the infamous Storm Worm allow denial of service attacks to be launched against security defenders that attempt to interrupt its operation. Attempts to probe command-and-control servers can result in a withering counter-attack of malicious traffic that can swamp the internet connections of security activists for days, according to Josh Korman, host-protection architect the ISS security division of IBM. "As you try to investigate [Storm], it knows, and it punishes," Korman told delegates at the Interop New York conference this week, Network World reports. It's unclear whether the counter-attacks are launched automatically by the malign system or by botnet herders manually. What is clear is that the code behind the malware is evolving. Instead of simply disabling anti-virus applications, the latest refinement to the worm means that such applications may appear to run but are unable to detect malware. "It's running, but it's not doing anything," Korman explained. "You can brain-dead anything." The Storm Worm malware strain first surfaced in January, in emails attempting to trick users into visiting maliciously-constructed websites under the guise of messages offering recipients information about the storms ravaging Europe at the time. Over recent months crackers have refined their tactics. Emails punting the malware now contain fake links to YouTube, for example. Hackers have also attempted to trick users into visiting maliciously-constructed websites via login confirmation spam or bogus electronic greeting card receipts. The attack methodology is much the same in each case. The malicious sites are designed to load malware onto the PCs of Windows users, typically using well-known security vulnerabilities that a user has failed to patch. Compromised machines become clients in zombie networks under the control of hackers. Estimates of the number of machines infected by the Storm Worm (which is actually more accurately described as a Trojan, although routinely described as a worm by security researchers) estimate from one to five million or more. Last month it emerged that hackers had effectively segmented the Storm botnet into smaller networks. Individual compromised clients connect to other infected machines using Overnet, a peer-to-peer protocol. Bot herders have begun using a 40-byte key to encrypt traffic sent through Overnet, since each node must know the password to unencrypt the Overnet traffic, providing a mechanism for hackers to segment the network into smaller components. ® Storm Worm retaliates against security researchers | The Register
__________________ Last edited by ScamBuster; 11-10-07 at 10:59 PM. |
|
#3
05-23-08, 07:38 AM
| |||
| |||
"The Storm worm botnet shrank in April to just five per cent of its original size, according to MessageLabs, which conducts a monthly analysis of malware trends. New tools that remove Storm infections are responsible for the huge fall in Storm-infected machines, the net security firm says............................. For more news, log on to: Last edited by Scrub; 05-23-08 at 11:17 PM. |
Storm Worm radically shrinking. Really? I wonder 
Linear Mode
