Storm Worm Rising
The Storm worm has been an increasing problem in the last few months, but a change in tactics may mean something big is going to happen. The article discusses a bit of back story about the worm, including the somewhat frightening numbers about the millions of spam emails carrying the worm payload. They estimate between a quarter and a million infected systems usable for spam or DDOS attacks.
Seriously though, how does one go about estimating these numbers? Is it something as simple as an estimate of what proportion of infected e-mails are expected to result in an infected desktop? I doubt that would give a very accurate figure.
Now I've got your attention worm style, click this link for more information:
http://en.wikipedia.org/wiki/Storm_Worm
biopowered.co.uk - catalytically cracking triglycerides for home automotive use since 2008. Just say no to big oil!
As the publisher of two fairly popular websites, this is something to worry about. Recently all our sites spread across a few dedicated servers in one data center were down. Not because of a direct DDOS attack, but because of a peripheral attack which swamped the network infrastructure at the center. Really, if these guys decided to do more frequent DDOS attacks, anyone could be a target and calling the FBI is cold comfort since in the meantime your sites are down and out.
Newsfollow.com
http://en.wikipedia.org/wiki/Storm_Worm
...names ranging from "postcard.exe" to "Flash Postcard.exe,"...
Shouldn't everyone be blocking .exe attachments at the MTA? Also look for a service running called wincom32 on infected machines.
That is why I always do my online banking BEFORE I browse for porn
I dunno - maybe this is what we need ~ a botnet big enough to do some real damage could actually catalyze some public awareness. Imagine if they DDoS'd MS, or Amazon, heck, Google? Maybe these guys (esp. Google) could handle this kind of slamming, but they've got lobbyists now. I really wouldn't mind seeing a well-funded FBI task force with the express purpose of rooting out botnets and going after their creators. Yeah, yeah, most of them are not on US soil. I know. However, imagine legislation that actually required the disconnection of infected bots from an ISP until it was cleaned, and a public awareness campaign that painted users who allow this to happen as idiots, and the ISPs as protectors of the rest of the internet users. Most people are concerned that there would be a backlash against the ISPs and they would stop complying for fear of loss of business, but that's where the legislation comes in. It's a quarantine situation - just like IRL, if you've got something nasty and contagious, the CDC can legally quarantine (forcibly, if you're an idiot like the TB guy) you because you're endangering the lives of others by going out and exposing them. Same thing here - don't give the botnets a chance to expand, cut them off, force a windows-cleaning (ISPs could offer a cleanup disk, $5.95 plus tax, or something, to help make it worth it for them - don't want to hurt the small ISPs, even though I think TW and the rest are bastards), and let them reconnect afterwards. Simple, painless, and will definitely make sure people learn their lesson for next time.
Shouldn't everyone be blocking .exe attachments at the MTA?
NO! It's annoying enough that Google rapes through my .zip files looking for .exe's.
If I'm working on a c++ program at work and zip it up and gmail it home (lock the computer while it uploads) and forget to 'make clean'... I don't get my code. I know it's nitpicky and a make clean or a thumb drive will cure my problems but I'm forgetful, which tends to preclude both.
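The gateway filter proposed earlier in the thread (block .exe attachments at the MTA) and the objection just above (a mail provider that also looks inside .zip files catches a developer's stale build output) can both be seen in one small filter. This is an added example, not code from the thread or from any mail product; the blocked-extension list, the example addresses and the sample attachments are constructed for the demonstration.

```python
import io
import zipfile
from email.message import EmailMessage

# Assumption: a representative gateway block list, not any product's default.
BLOCKED_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")


def is_blocked_name(filename):
    """True if the file name carries an extension the gateway refuses."""
    return filename.lower().endswith(BLOCKED_EXTENSIONS)


def blocked_names_in_zip(data):
    """Names inside a zip archive with a blocked extension (empty if not a valid zip)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [name for name in zf.namelist() if is_blocked_name(name)]
    except zipfile.BadZipFile:
        return []


def inspect_message(msg):
    """Return (attachment name, reason) pairs that would make the gateway reject msg."""
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        if is_blocked_name(name):
            hits.append((name, "executable attachment"))
        elif name.lower().endswith(".zip"):
            # Look one level into archives, the behaviour the reply above objects to.
            for inner in blocked_names_in_zip(payload):
                hits.append((name, "archive contains " + inner))
    return hits


def build_message(attachments):
    """Constructed test message carrying the given (filename, bytes) attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.test"
    msg["To"] = "rcpt@example.test"
    msg["Subject"] = "You've received a postcard!"
    msg.set_content("Your friend sent you a card; see the attachment.")
    for name, data in attachments:
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg


def make_zip(entries):
    """Build an in-memory zip from (name, bytes) entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries:
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples: two postcard-style lures, and a developer's source tree zipped
# up once cleanly and once without 'make clean' (the false positive from the thread).
LURE_DIRECT = [("postcard.exe", b"MZ placeholder, not a real binary")]
LURE_ZIPPED = [("card.zip", make_zip([("Flash Postcard.exe", b"MZ placeholder")]))]
DEV_CLEAN = [("src.zip", make_zip([("main.cpp", b"int main(){}"), ("Makefile", b"all:")]))]
DEV_STALE = [("src.zip", make_zip([("main.cpp", b"int main(){}"),
                                   ("main.o", b"\x7fELF"),
                                   ("build/app.exe", b"MZ")]))]


def run_checks():
    """Run the filter over each sample and report what it rejects."""
    return {
        "lure_direct": inspect_message(build_message(LURE_DIRECT)),
        "lure_zipped": inspect_message(build_message(LURE_ZIPPED)),
        "dev_clean": inspect_message(build_message(DEV_CLEAN)),
        "dev_stale": inspect_message(build_message(DEV_STALE)),
    }


if __name__ == "__main__":
    for label, hits in run_checks().items():
        print(label, "REJECT" if hits else "accept", hits)
```

Both lures are rejected, the clean source zip passes, and the zip with a leftover build/app.exe is rejected on exactly the grounds the reply complains about; whether that trade-off is acceptable is a policy decision for the site running the gateway, not something the filter can decide.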
No fucking way am I going anywhere near a site called Team Furry.
The goggle really might do nothing.
cmd-q.co.uk - some sort of stupid fucking internet bullshit
No. "The silent majority" believe that this is the way computers just "work".
They've been shown that in countless movies and TV shows and by "experts" on the news.
They're the ones you see claiming that Linux and Mac's will have the "same problems" as their market share increases.
With all the past outbreaks on Windows machines, anyone who wanted to migrate has already started their migration. This won't change anything for anyone else.
Kwisatz Haderach
Sell the spice to CHOAM
This Mahdi took Shaddam's Throne
Let's look at DDoS attacks.
#1. Spoofed IP addresses - not that common anymore. It used to be that you'd tie up a machine by having it send replies to machines that did not initiate the connection. There is a simple solution to this. Anyone assigned a block of IP addresses has to make sure that all outbound traffic references IP addresses on that block.
#2. Thousands of machines eating up your bandwidth - the most common type now. This is where the zombie army each makes continued requests of your machine. For webservers, they can request a page over and over and over until they use up all your bandwidth and legitimate visitors cannot get through. This is more difficult to fix. It can partially be handled by blocking the range of addresses that host the zombies. Such as Comcast and Verizon and so forth. There are more complicated attacks. Such as sending half a request.
There's not much that can be done with #2 until a law gets passed saying that the person paying for the Internet connection is responsible for $X of clean-up charges. Then people will have a financial incentive to look at more secure systems.
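The two defences the post above describes, checking that outbound traffic only carries source addresses from your own block (#1) and spotting the hosts or ranges that hammer a web server or leave requests half-sent (#2), are shown together below. This is an added example rather than anything from the thread; the address block, the packet list and the web-server log lines are constructed from documentation ranges, and the window and threshold values are arbitrary choices.

```python
import ipaddress
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Constructed: the address block assigned to our network.
ASSIGNED_BLOCKS = [ipaddress.ip_network("203.0.113.0/24")]


def passes_egress_filter(src_ip):
    """#1: let a packet out only if its source address belongs to one of our blocks."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in block for block in ASSIGNED_BLOCKS)


def spoofed_sources(packets):
    """Source addresses in (src, dst) pairs that the egress filter would drop."""
    return [src for src, _dst in packets if not passes_egress_filter(src)]


# Constructed outbound packets: two genuine sources, one forged.
OUTBOUND = [
    ("203.0.113.7", "198.51.100.1"),
    ("203.0.113.42", "198.51.100.1"),
    ("192.0.2.99", "198.51.100.1"),
]

# Prefix of the common/combined web log format: src ident user [time] "request" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+)')


def parse_line(line):
    """Parse one log line into a dict, or None if it does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    src, ts, request, status, _size = m.groups()
    return {"src": src, "ts": datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"),
            "request": request, "status": int(status)}


def flood_sources(lines, window_seconds=10, threshold=20):
    """#2: sources that issue at least `threshold` requests inside any sliding window."""
    by_src = defaultdict(list)
    for event in filter(None, map(parse_line, lines)):
        by_src[event["src"]].append(event["ts"])
    flagged = {}
    for src, times in by_src.items():
        times.sort()
        lo = 0
        for hi, t in enumerate(times):
            while (t - times[lo]).total_seconds() > window_seconds:
                lo += 1
            count = hi - lo + 1
            if count >= threshold:
                flagged[src] = max(flagged.get(src, 0), count)
    return flagged


def incomplete_requests(lines):
    """Per-source count of requests the server never saw completed (the 'half a request' case)."""
    counts = Counter()
    for event in filter(None, map(parse_line, lines)):
        if event["request"] == "-" or event["status"] == 408:
            counts[event["src"]] += 1
    return dict(counts)


def covering_prefixes(sources, prefix_len=24):
    """Collapse flagged hosts to the ranges one would rate-limit or block as a whole."""
    nets = {ipaddress.ip_network(f"{s}/{prefix_len}", strict=False) for s in sources}
    return sorted(str(n) for n in nets)


def _log_line(src, ts, request="GET /index.html HTTP/1.1", status=200, size=512):
    return f'{src} - - [{ts.strftime("%d/%b/%Y:%H:%M:%S %z")}] "{request}" {status} {size}'


_BASE = datetime(2007, 8, 10, 12, 0, 0, tzinfo=timezone.utc)
# Constructed log: one host fetching the front page 30 times in six seconds,
# one ordinary visitor, and one host that keeps leaving requests half-sent.
SAMPLE_LOG = [_log_line("192.0.2.50", _BASE + timedelta(milliseconds=200 * i)) for i in range(30)]
SAMPLE_LOG += [_log_line("198.51.100.5", _BASE + timedelta(seconds=30 * i)) for i in range(3)]
SAMPLE_LOG += [_log_line("192.0.2.77", _BASE + timedelta(seconds=i), request="-", status=408, size=0)
               for i in range(5)]


if __name__ == "__main__":
    print("spoofed sources dropped at egress:", spoofed_sources(OUTBOUND))
    flooders = flood_sources(SAMPLE_LOG)
    print("request flood:", flooders)
    print("half-sent requests:", incomplete_requests(SAMPLE_LOG))
    print("ranges to rate-limit:", covering_prefixes(flooders))
```

The egress check is the per-network rule the post describes: it does nothing for the victim of a flood, but if every network applied it, forged-source traffic could not leave its origin. The log checks are the victim-side view; they only name the hosts and ranges involved, which is as far as a web server's own logs can take you before the decision about blocking a range has to be made upstream.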
It's well-known that the Chinese government has an active computer warfare department. A botnet on this scale is way beyond anything needed for mere industrial blackmail. But if you wanted to bring down large chunks of some nation's Internet quickly, without the attack coming from an obvious (and blockable) source, this would be a great weapon. Let's say you wanted to disable the Internet in Taiwan, or South Korea, or Japan, or all three, just prior to military action. Or let's say you wanted to disrupt financial markets to be sure that your intentional crashing of the dollar had maximal effects.
"with their freedom lost all virtue lose" - Milton
http://en.wikipedia.org/wiki/Storm_Worm I'm interested in something from that wikipedia article; it mentions that the source code to storm specifically avoids infecting Windows Server 2003 boxes. Anyone know why the author would go out of his way to not hit 2K3 boxes?
Perhaps to avoid infecting government servers (and upping the ante, if he got caught)? That's the only thing I could think of. I'm sure there's a very logical reason, but I have no idea what it might be.
If I mod you up, it doesn't necessarily mean I agree with what you've said, sorry.
Hi. Worshipper has sent you a greeting card.
See your card as often as you wish during the next 15 days.
SEEING YOUR CARD
If your email software creates links to Web pages, click on your card's direct www address below while you are connected to the Internet:
http://682.81.0.23/?9907cd64e28cae3d7703a3b01bda de (Poster's note: This URL has been altered to protect the rampant mad clickers amongst us)
Or copy and paste it into your browser's "Location" box (where Internet addresses go).
We hope you enjoy your awesome card.
Wishing you the best, Administrator, americangreetings.com
"We can categorically state we have not released man-eating badgers into the area." - UK military spokesman, July 2007
If they can't find a way to reach customers and get them fixes for the rampant insecurity of these machines that are compromised.
WTF are you talking about? RTFA, please. If you actually did that before funboying around, you'd notice that the program in question is not a worm at all, but a trojan. User has to manually run the attachment, probably clicking through a couple of dialogs practically begging him not to. But, since the user really, really _wants_ to see the cute kittens, or a naked celebrity, or whatever the trojan claims to be, trojan will be run. No OS can defend against the user being a sucker.
So, move along, please. Your tirade is totally off topic here.
Do you realize the kind of productivity spike we could get if the 'net was down for, say, a week? One day would be lost to people trying to get back up, admittedly, but then we'd all just start doing work, checking the 'net connection more and more infrequently. After a week, we'd probably run out of work on our desks that didn't need internet lookups, though most of us still have paper catalogs around so it wouldn't be a total loss. Faxing would get popular again, as would phones and voicemail...but no outside IM and email to deal with.
I'm going to call it a net win for productivity and business in general. Which means that it's most likely that big business is behind the internet shutdown...and the Storm worm.
Shit, where'd I put that damned tinfoil hat...
Is it just my observation, or are there way too many stupid people in the world?