Slashdot Mirror


Storm Worm Rising

The Storm worm has been an increasing problem in the last few months, but a change in tactics may mean something big is going to happen. The article discusses a bit of back story about the worm, including the somewhat frightening numbers about the millions of spam emails carrying the worm payload. They estimate between a quarter of a million and a million infected systems usable for spam or DDoS attacks.

15 of 218 comments

  1. Microsoft is going to lose big by athloi · · Score: 2, Insightful

    If they can't find a way to reach customers and get them fixes for the rampant insecurity of these machines that are compromised. The silent majority of customers are getting frustrated with this sham of a performance, and while saner heads recognize that Redmond does a lot right and some wrong, the emotional response is going to shove them out of dominance in operating systems. Maybe that's why they're better on spacy Web3.x "cloud" and "distributed OS" technologies instead of what made them big, which was getting things done the hard way consistently.

  2. NO! by everphilski · · Score: 4, Insightful

    Shouldn't everyone be blocking .exe attachments at the MTA?

    NO! It's annoying enough that Google rapes through my .zip files looking for .exe's.

    If I'm working on a C++ program at work and zip it up and gmail it home (lock the computer while it uploads) and forget to 'make clean' ... I don't get my code. I know it's nitpicky and a make clean or a thumb drive will cure my problems, but I'm forgetful, which tends to preclude both.

  3. "The silent majority" is uninformed. by khasim · · Score: 4, Insightful

    No. "The silent majority" believe that this is the way computers just "work".

    They've been shown that in countless movies and TV shows and by "experts" on the news.

    They're the ones you see claiming that Linux and Macs will have the "same problems" as their market share increases.

    With all the past outbreaks on Windows machines, anyone who wanted to migrate has already started their migration. This won't change anything for anyone else.

    1. Re:"The silent majority" is uninformed. by Stefanwulf · · Score: 4, Insightful

      They're the ones you see claiming that Linux and Macs will have the "same problems" as their market share increases.

      Out of curiosity, what aspects of the OSX/BSD and Linux architectures are going to stop:
      • An uneducated user from executing a binary file they download from a URL they are given
      • A process that user is running from executing further code with that user's privileges
      • That user's processes from making outbound TCP/UDP connections
      • That user's processes from accessing an SMTP server to send emails
      • A user from configuring a process to run on logging in

      By my thinking, that's really all that's needed for a botnet to work on a given platform. I am certainly ignorant of many details regarding the BSD/Linux kernels and I stand ready to be corrected, but I believe I've seen all those things happening individually as part of day to day user life on my linux box.

    2. Re:"The silent majority" is uninformed. by pjbgravely · · Score: 3, Insightful

      All of the Linux distros I've seen pack in much more than that, which seems like overkill to me. I'd also have to think that the group would find a whole new slew of annoyances with Linux as well. Especially if they can't playback music or watch videos (does YouTube work w/Linux?).

      Why wouldn't YouTube work with Linux? YouTube runs on Linux. http://uptime.netcraft.com/up/graph?site=youtube.com

      There is a Linux version of Flash; it was behind for a while, but YouTube still worked even then. I have no problems playing videos on Linux. I do have problems with friends using Microsoft Windows playing anything I send them that isn't a Microsoft Windows Media Player file.

      --
      Star Trek, there may be hope.

  4. Re:How are these numbers calculated? by IndieKid · · Score: 2, Insightful

    Yeah, I just read that. If 20 million e-mails (according to Joe Stewart in the article) have been found and he estimates that 250k to 1m machines are infected, that implies that somewhere between 1 in 20 and 1 in 80 of the machines he's looked at are infected. I'm assuming somewhere in the middle is what he actually discovered before applying a margin of error, so 1 in 50. I wonder how many machines he actually checked? 50? 500? Were these machines known to have received the e-mail or just random machines?

    All I'm saying is that I doubt the methods used to estimate these numbers would stand up to close scrutiny. That's not to say this isn't interesting (the number could be higher than the estimate after all), but I'd rather the article just said "we don't know how many machines are infected, but it's likely to be a lot".

  5. Mandatory Disconnect of Infected Computers by BoRegardless · · Score: 2, Insightful

    Make it a Federal Law that ISPs must disconnect infected computers, and users would be forced to fix things very quickly.

    Then if a botnet attack comes, turn off the overseas pipes as needed. Yeah I am a dreamer, but I am at least half way practical.

  6. I don't think we'll ever see a solution... by Anonymous Coward · · Score: 2, Insightful

    ...until software companies are forced to include normal consumer warranties (as in suitable for purpose, ability to access the internet with better security out of the box) and until individual zombie owners can get charged with "maintaining an attractive nuisance". The software sellers don't give a crap, as they have zero liability because of their ridiculous EULA and because the law lets them get away with it, and big corporations are scared to sue the 800 lb gorilla over this issue obviously (buncha pansie asses if you ask me), and the people who get infected don't care enough to do much about it, as the last decade has proven over and over again. Make it hurt both parties there financially, and you'll see better coding and much reduced malwarez. And I couldn't care less if this means much longer release cycles and the engineers take precedence over the marketing weasels and the PHB investor class. It will have to *hurt* those folks deeply in the wallet to get them to enter the 21st century and assume normal adult business responsibility for their alleged "products".

    Without those measures, we'll never have any sort of decent widespread security; it will always be too little, too late, catch-up crap and the big dogs still raking in the billions for perpetual beta-crapware.

    Now free software I don't have as much of a problem with, as they don't charge any money for it, but the stuff that costs serious folding money needs a normal consumer warranty.

    1. Re:I don't think we'll ever see a solution... by plague3106 · · Score: 1, Insightful

      If you're not going to apply it to free software, then you shouldn't apply it to everyone. There's only so much vendors can do as well, because a user wants to be in control of their own computer, and may install viruses or bots unknowingly.

      Cut the brake line on your car and see if it falls under your car's warranty.

    2. Re:I don't think we'll ever see a solution... by hondo77 · · Score: 1, Insightful

      I believe what we have here is a free market. If you don't like the non-warranty offered by one company, don't buy their product. Buy the one product from a company that does give the warranty you want.

      Or one could buy the product that doesn't get turned into a zombie. Thus spake the Apple fanboy. ;-)

      --
      I live ze unknown. I love ze unknown. I am ze unknown.

    3. Re:I don't think we'll ever see a solution... by LurkerXXX · · Score: 2, Insightful

      I've seen numerous Apple users blindly type in the administrator username/password when prompted to by a program without having any idea why they needed to. If Apple's market share ever gets high enough to make it a juicy target, there are going to be Apple botnets as well.

  7. Re:What does God need with a starship? by ktappe · · Score: 3, Insightful

    "Why do you need a botnet that big?" he asks. "You don't need a million [infected computers] to send spam." For spam, a million-strong botnet might be overkill. But botnets can do much more, like launching denial-of-service attacks.

    So the question is, who is controlling these botnets and why?

    It is possible that the creators of this worm did not have any idea how successful they would be. They may have figured they'd get 5,000 PCs, not 500,000. Now suddenly they have a monster by the tail and are not sure what to do with it.

    --
    "We can categorically state we have not released man-eating badgers into the area." - UK military spokesman, July 2007

  8. Re:Question on that article by anilg · · Score: 3, Insightful

    My best guess is related to the way security companies work (the pay-per-problem model).

    The companies that care enough about their security issues are those with critical servers, and many of these use win 2K3.

    Storm affecting these boxes would mean quicker detection of the virus, and lesser migration. Without these (and with users who don't update anti-virus signatures very regularly), the virus has a greater potential of spreading. Of course, the author didn't imagine Storm would be this popular, and that this anti-2k3 trick wouldn't really matter.

    --
    http://dilemma.gulecha.org - My philosophical short film.

  9. Re:More information by just_another_sean · · Score: 3, Insightful

    The examples I've seen of this don't have an attachment. It's a "click here! to view your postcard!" link in the email. Clicking the link takes you to a site that says something like "We're trying a new feature on our site, please click here if you do not see your postcard". This link is then to an executable which of course prompts you to download or run. It seems to me you'd have to be pretty naive or just plain stupid to click through to the point of infection, but I'm guessing a lot of people do...

    For me the biggest problem with these is that there is no attachment for AV to pick off and there is hardly any text and no real advertising in the email so our spam filters don't block it either.

    --
    Creationist Textbook Stickers Declared Unconstitutional by CowboyNeal

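The two delivery styles argued about in this thread (an .exe attachment, possibly zipped, versus a bare link to an executable with almost no text for spam filters to score) can be checked at the MTA with a small content scan. This is an added example, not code from the thread or from any of the products mentioned; the regex, the finding strings and the "postcard" lure message are constructed for illustration and are not a real Storm sample.

```python
import email, io, re, zipfile
from email import policy
from email.message import EmailMessage

# Assumed pattern: links whose path ends in a Windows executable extension.
EXEC_LINK = re.compile(r"https?://\S+\.(?:exe|scr|pif|bat)\b", re.IGNORECASE)

def scan_attachment(name: str, data: bytes) -> list:
    """Flag PE payloads attached directly or wrapped in a zip; PE files start with 'MZ'."""
    findings = []
    if data[:2] == b"MZ":
        findings.append(f"executable attachment: {name}")
    elif data[:4] == b"PK\x03\x04":  # zip local file header: look inside like Gmail does
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if zf.read(info)[:2] == b"MZ":
                    findings.append(f"executable inside archive: {name}/{info.filename}")
    return findings

def scan_message(raw: str) -> list:
    """Return findings for one RFC 822 message: executable links in text parts, PE attachments."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            findings += [f"link to executable: {u}" for u in EXEC_LINK.findall(part.get_content())]
        elif part.get_filename():
            findings += scan_attachment(part.get_filename(), part.get_payload(decode=True))
    return findings

def build_sample(zip_payload: bytes = None) -> str:
    """Constructed 'postcard' lure modelled on the thread's description (not a real sample)."""
    msg = EmailMessage()
    msg["Subject"] = "You've received a postcard"
    msg.set_content("Click here to view your postcard:\n"
                    "http://postcard.example.invalid/view.php?id=42\n"
                    "If you do not see it, click here:\n"
                    "http://postcard.example.invalid/postcard.exe\n")
    if zip_payload is not None:
        msg.add_attachment(zip_payload, maintype="application", subtype="zip",
                           filename="postcard.zip")
    return msg.as_string()

def make_zip(inner_name: str, data: bytes) -> bytes:
    """Build a zip archive in memory holding one file (used to construct test input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(inner_name, data)
    return buf.getvalue()
```

A link-only lure still produces a finding here, which is the gap the post describes with attachment-only AV and text-scoring spam filters.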
  10. Re:"The silent majority" isn't here. by NickFortune · · Score: 2, Insightful

    Those "grumpy, old ladies" could be running their knitting/sewing machines hooked up to their computer.

    They could indeed. Probably not those particular ones, however. The show is called Grumpy Old Women and takes a handful of the BBC's more curmudgeonly female celebs and gives them free rein to gripe about the things that wind them up. Not as good as Grumpy Old Men (IMHO), but that could be down to gender bias on my part.

    The "silent majority", however (and no, it's not my choice of phrase, either), don't on the whole do such things. Most of the non-geeks I've spoken to use their computer for surfing, p2p, messaging, email or WP. That's not generally a controversial opinion, even among the Redmond faithful.

    And trying to address the deficiencies of Linux by saying "but they'll never do that" is just plain ignorance.

    If that was what I was doing (and I don't accept that Linux is deficient in comparison to Windows), then I'd be more likely to use the term "disingenuous". But you know, saying that Windows is better because it has software which little old ladies may someday want to use to program their knitting machines... well, that's like saying Linux is better because they may someday decide to learn C and write their own device drivers. I suppose each argument has merit to the extent that the relevant scenario is possible; I just don't think either probability is particularly high, which renders the arguments rather less than compelling.

    On the other hand, sooner or later someone is going to write a Linux package to drive those knitting machines. Of course Windows may get less annoying in the same time frame. But there are people who don't have knitting machines who might prefer not to wait for either occurrence.

    --
    Don't let THEM immanentize the Eschaton!