Slashdot Mirror

← Back to Stories (view on slashdot.org)

Storm Worm Rising

Posted by CmdrTaco on from the goggles-do-nothing dept.

The Storm worm has been an increasing problem in the last few months, but a change in tactics may mean something big is going to happen. The article discusses a bit of back story about the worm, including the somewhat frightening numbers about the millions of spam emails carrying the worm payload. They estimate between a quarter and a million infected systems usable for spam or DDOS attacks.

7 of 218 comments (clear)

  1. Naked teens attack home director by tttonyyy · · Score: 5, Informative

    Now I've got your attention worm style, click this link for more information:

    http://en.wikipedia.org/wiki/Storm_Worm

    --
    biopowered.co.uk - catalytically cracking triglycerides for home automotive use since 2008. Just say no to big oil!
  2. More information by apachetoolbox · · Score: 4, Informative

    http://en.wikipedia.org/wiki/Storm_Worm

    ...names ranging from "postcard.exe" to "Flash Postcard.exe,"...

    Shouldn't everyone be blocking .exe attackments at the MTA? Also look for a service running called wincom32 on infected machines.

  3. Re:How are these numbers calculated? by strongmace · · Score: 4, Informative

    Article says how they are calculated:

    "Joe Stewart, senior security researcher at managed security company SecureWorks, at the Black Hat conference. .....

    From the number of infected machines he's found, Stewart estimates that the Storm botnet could comprise anywhere from 250,000 to 1 million infected computers. And that raises questions, along with eyebrows. "

    --
    "If we hit that bullseye, the rest of the dominos will fall like a house of cards. Checkmate." -Zapp Brannigan
  4. Re:How are these numbers calculated? by httptech · · Score: 5, Informative

    The estimate is based on the number of unique IPs we've seen attacking networks we monitor, coupled with our knowledge of how the Storm botnet works. We've seen up to 100,000 bots sending the attack (the ecard spam) in a single day. Storm is a multi-tiered botnet, meaning that not all the bots are tasked with sending the emails. Some are supernodes (first-tier), designed to serve up the ecard executables via HTTP and facilitate communication between the regular (second-tier) nodes. Another factor is that some second-tier nodes will never be seen attacking, since they may be behind firewalls that block port 25 outbound or at an ISP that is doing SMTP blocking, so they may be part of the botnet but difficult to count.

    In reality, the only source that can give you a precise count for the Storm botnet is the Storm controller - and he/she's not talking. So we do the best we can at estimating its size given the data available.

  5. Re:NO! by dark-br · · Score: 3, Informative

    It makes no difference if you password protect them or not as to list the zip file content no password is needed. You only need the password to correct extract the files.

    I've just switched to using RAR and as for now Google is leaving my attachments alone...

    M Addario

  6. Re:Microsoft is going to lose big by jpop32 · · Score: 4, Informative

    If they can't find a way to reach customers and get them fixes for the rampant insecurity of these machines that are compromised.

    WTF are you talking about? RTFA, please. If you actually did that before funboying around, you'd notice that the program in question is not a worm at all, but a trojan. User has to manually run the attachment, probably clicking through a couple of dialogs practically begging him not to. But, since the user really, really _wants_ to see the cute kittens, or a naked celebrity, or whatever the trojan claims to be, trojan will be run. No OS can defend against the user being a sucker.

    So, move along, please. Your tirade is totally off topic here.

  7. Re:"The silent majority" is uninformed. by NickFortune · · Score: 4, Informative

    None of those things are with Windows itself though.

    No, but they are Microsoft though - which is what I said in the first place.

    Annoyances.org isn't the collection of old ladies you discussed

    You're right, I just used it as a loose example. I'd be more specific about the complaints, but I wasn't expecting a test, and I forgot to make notes. All I can do is report what I remember from the show.

    I'm willing to be quite a bit of /.ers post over there, so I doubt its unbiased.

    meh. It's a support forum, not an advocacy site. It's not so much "Microsoft sucks" as "what do I do when when the registry fills up?". You don't get a lot of penguin heads there because... well, because we all use Linux and it's a windows support forum.

    Annoying things are hardly a reason to HATE MS though.

    Hatred isn't a rational act, though, is it? I mean, most people don't wake up in the morning and say "now who shall I hate today? Who is the most rational target for my hatred?". It's not like that. On the other hand, there's no shortage of people who think "if that computer crashes and loses my document one more time today, it's going through that window..." My point is that a lot of the things I heard cited as inspiring this hatred were typical MS grumbling points.

    And if it's a good enough reason to hate computers, it's good enough to hate Microsoft. It's just a question of education ;)

    I'd also have to think that the group would find a whole new slew of anoyances with Linux as well.

    Oh quite possibly, although the latest Ubuntu is getting very good in that respect. But they'd be spared the malware, and the viruses and the worms... which is the starting point for this discussion.

    (does YouTube work w/Linux?).

    Yes, perfectly. At least since flash 9 was released for Linux.

    --
    Don't let THEM immanentize the Eschaton!