Slashdot Mirror


Storm Worm Rising

The Storm worm has been an increasing problem in the last few months, but a change in tactics may mean something big is going to happen. The article discusses a bit of back story about the worm, including the somewhat frightening numbers about the millions of spam emails carrying the worm payload. They estimate between a quarter and a million infected systems usable for spam or DDOS attacks.

8 of 218 comments

  1. How are these numbers calculated? by IndieKid (Score: 5, Funny)

    They estimate between a quarter and a million infected systems usable for spam or DDOS attacks. 0.25 to 1,000,000 is a pretty large range.

    Seriously though, how does one go about estimating these numbers? Is it something as simple as an estimate of what proportion of infected e-mails are expected to result in an infected desktop? I doubt that would give a very accurate figure.
    1. Re:How are these numbers calculated? by httptech (Score: 5, Informative)

      The estimate is based on the number of unique IPs we've seen attacking networks we monitor, coupled with our knowledge of how the Storm botnet works. We've seen up to 100,000 bots sending the attack (the ecard spam) in a single day. Storm is a multi-tiered botnet, meaning that not all the bots are tasked with sending the emails. Some are supernodes (first-tier), designed to serve up the ecard executables via HTTP and facilitate communication between the regular (second-tier) nodes. Another factor is that some second-tier nodes will never be seen attacking, since they may be behind firewalls that block port 25 outbound or at an ISP that is doing SMTP blocking, so they may be part of the botnet but difficult to count.

      In reality, the only source that can give you a precise count for the Storm botnet is the Storm controller - and he/she's not talking. So we do the best we can at estimating its size given the data available.
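The counting method httptech describes (unique attacking source IPs per day, treated as a floor rather than a census) as an added worked example; this is not code from the thread or from any monitoring vendor. The sensor log format and the sample lines are constructed assumptions.

```python
"""Lower-bound botnet size estimate from observed attacking source IPs.

Added example, not from the original thread. The log format (ISO timestamp,
sensor= and src= fields) is a constructed assumption, as are the sample lines.
"""
import re
from collections import defaultdict
from datetime import date

# Constructed sample lines: mail sensors logging inbound ecard-spam attempts on port 25.
SAMPLE_LOG = """\
2007-08-20T01:12:04Z sensor=mx1 src=10.1.1.5 dport=25 subject="ecard"
2007-08-20T02:40:11Z sensor=mx1 src=10.1.1.5 dport=25 subject="ecard"
2007-08-20T03:02:58Z sensor=mx2 src=10.2.7.9 dport=25 subject="ecard"
2007-08-20T09:31:00Z sensor=mx1 src=10.3.0.1 dport=25 subject="ecard"
2007-08-21T00:15:22Z sensor=mx2 src=10.2.7.9 dport=25 subject="ecard"
2007-08-21T05:50:41Z sensor=mx1 src=10.9.9.9 dport=25 subject="ecard"
2007-08-21T06:03:07Z sensor=mx2 src=10.9.9.10 dport=25 subject="ecard"
2007-08-21T07:44:19Z sensor=mx2 src=10.9.9.11 dport=25 subject="ecard"
2007-08-22T12:00:00Z sensor=mx1 src=10.1.1.5 dport=25 subject="ecard"
"""

LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})T\S+ sensor=\S+ src=(\S+) dport=25\b")

def parse_attackers(log_text):
    """Return {date: set(src_ip)} for lines matching the (assumed) sensor format."""
    by_day = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            by_day[date.fromisoformat(m.group(1))].add(m.group(2))
    return dict(by_day)

def estimate_bots(log_text):
    """Summarise only what the sensors can justify: a lower bound, not a census.
    Nodes that never send mail (supernodes, hosts behind port-25 blocks) are invisible."""
    by_day = parse_attackers(log_text)
    seen = set()
    per_day, new_per_day = {}, {}
    for day in sorted(by_day):
        ips = by_day[day]
        per_day[day.isoformat()] = len(ips)
        new_per_day[day.isoformat()] = len(ips - seen)  # still growing => still undercounting
        seen |= ips
    peak_day = max(per_day, key=per_day.get)
    return {"per_day": per_day, "new_per_day": new_per_day,
            "peak_day": peak_day, "peak_unique": per_day[peak_day],
            "lower_bound": len(seen)}
```

The peak-day figure corresponds to the "up to 100,000 bots in a single day" style of number; the cumulative count is the floor, and a non-zero stream of never-before-seen IPs is the signal that the floor is still rising.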

    2. Re:How are these numbers calculated? by ObsessiveMathsFreak (Score: 5, Funny)

      Seriously though, how does one go about estimating these numbers?
      1. Roll 2D6
      2. Take the number rolled, and multiply it by the number of worm messages that have arrived in your inbox.
      3. If your computer is actually infected, square the result.
      4. Play a game of Solitaire
      5. Add your final score to the result
      6. Divide the result by your Boss's vigilance.
      7. Make a saving throw against discovery, and multiply the result by 1000
      8. Round up to the nearest 100,000
      9. Publish
      10. Profit!
      Lower bounds are trickier as they will require you to actually care about what you're doing.
      --
      May the Maths Be with you!
  2. Naked teens attack home director by tttonyyy (Score: 5, Informative)

    Now I've got your attention worm style, click this link for more information:

    http://en.wikipedia.org/wiki/Storm_Worm

    --
    biopowered.co.uk - catalytically cracking triglycerides for home automotive use since 2008. Just say no to big oil!
  3. that is why by clubhi (Score: 5, Funny)

    That is why I always do my online banking BEFORE I browse for porn

  4. Maybe there's a silver lining here... by Novae D'Arx (Score: 5, Interesting)

    I dunno - maybe this is what we need ~ a botnet big enough to do some real damage could actually catalyze some public awareness. Imagine if they DDoS'd MS, or Amazon, heck, Google? Maybe these guys (esp. Google) could handle this kind of slamming, but they've got lobbyists now. I really wouldn't mind seeing a well-funded FBI task force with the express purpose of rooting out botnets and going after their creators. Yeah, yeah, most of them are not on US soil. I know. However, imagine legislation that actually required the disconnection of infected bots from an ISP until it was cleaned, and a public awareness campaign that painted users who allow this to happen as idiots, and the ISPs as protectors of the rest of the internet users. Most people are concerned that there would be a backlash against the ISPs and they would stop complying for fear of loss of business, but that's where the legislation comes in. It's a quarantine situation - just like IRL, if you've got something nasty and contagious, the CDC can legally quarantine (forcibly, if you're an idiot like the TB guy) you because you're endangering the lives of others by going out and exposing them. Same thing here - don't give the botnets a chance to expand, cut them off, force a windows-cleaning (ISPs could offer a cleanup disk, $5.95 plus tax, or something, to help make it worth it for them - don't want to hurt the small ISPs, even though I think TW and the rest are bastards), and let them reconnect afterwards. Simple, painless, and will definitely make sure people learn their lesson for next time.

  5. Re:Removal Tool by ben0207 (Score: 5, Funny)

    No fukcing way am I going anywhere near a site called Team Furry.

    The goggle really might do nothing.

    --
    cmd-q.co.uk - some sort of stupid fucking internet bullshit
  6. Military? by wytcld (Score: 5, Interesting)

    It's well-known that the Chinese government has an active computer warfare department. A botnet on this scale is way beyond anything needed for mere industrial blackmail. But if you wanted to bring down large chunks of some nation's Internet quickly, without the attack coming from an obvious (and blockable) source, this would be a great weapon. Let's say you wanted to disable the Internet in Taiwan, or South Korea, or Japan, or all three, just prior to military action. Or let's say you wanted to disrupt financial markets to be sure that your intentional crashing of the dollar had maximal effects.

    --
    "with their freedom lost all virtue lose" - Milton