Storm Worm More Powerful Than Top Supercomputers
Stony Stevenson writes to mention that some security researchers are claiming that the Storm Worm has grown so massive that it could rival the world's top supercomputers in terms of raw power. "Sergeant said researchers at MessageLabs see about 2 million different computers in the botnet sending out spam on any given day, and he adds that he estimates the botnet generally is operating at about 10 percent of capacity. 'We've seen spikes where the owner is experimenting with something and those spikes are usually five to 10 times what we normally see,' he said, noting he suspects the botnet could be as large as 50 million computers. 'That means they can turn on the taps whenever they want to.'"
Where's Paul Atreides when you need him?
They should write a virus that uses exploits to install stuff like Folding@Home etc. If people pose a nuisance/danger to others in real life they get fined/jailed, if they pose a nuisance/danger online by letting their computers be compromised then they should face "punishment" by "fining" them part of their CPU power.
Imagine a beowulf clus.... never mind.
Anonymous Coward: "This is slashdot. Accuracy is second class citizen here, unlike King Bias."
and does the worm run on the PS3 too? :-)
At least folding@home does...
I just don't see why, if 1) there are known decompiled versions of it and 2) the network activity can be monitored, 3) code hasn't been written to exploit the 'sploit and shut them down. Something that infiltrates but keeps them running for - oh, say a week - while the exploit percolates through the system, and then kills and patches the running process.
meh
Plot idea 1: Near future. Governments completely dependent on their IT infrastructure. Organised crime in control of huge botnet able to hold government to ransom. With hilarious consequences.
Plot idea 2: Now-ish. Script kiddie unleashes attack using enormous botnet. Runs out of control. Becomes so deeply embedded into internet that it's impossible to shut down without "rebooting" the whole infrastructure. With hilarious consequences.
Plot idea 3: Medium future. Internet and control of botnets becomes so intrinsic to society that governments have less importance than internet societies. Whole "countries" exist as virtual connections of affiliated machines. With hilarious consequences.
Any of the above would work well as a Hollywood movie given Angelina Jolie and lots of gratuitous and incorrect techno-babble.
Peter
At some point the flow of money will have to converge in a meaningful way, that should help picking up a few scalps. Of course, it's probably going to be like beheading a hydra. Welcome to the net-mafia.
As a side issue, how hard is it for an ISP to see an IP sending out the typical spam mail and close off that IP/client?
Perhaps now is a good time to push for better adoption of SPF (though surely RMX would have been faster to implement?)
So this botnet rivals supercomputers for power as long as it's working on some purely parallelizable problem. Like, for instance, sending spam messages.
the likes of which even God has never seen.
Oh, yeah, it's not easy to pad these out to 120 characters.
Isn't this so large that it should be deemed a threat to national security? Not just to one country's national security, but ANY country's. Shouldn't there be a half dozen senior analysts from a few different countries and from NATO HUNTING the people that control this thing and figuring out how to neutralize it?
Why hasn't Microsoft added Storm to its Malicious Software Removal Tool?
Because of course there was never a time on Linux that you could compromise your whole system just by loading 'Quake'.
Systems are only as secure as the idiots who use them.
In the 50s, 60s, 70s when there was science-fiction-inspired angst about the possibilities of computers taking over the world, the standard reassurance was that "after all, we can always unplug them." And I believe there was an SF story or two about how a computer could put up resistance to being unplugged. And of course everyone remembers the heartrending scene in 2001, A Space Odyssey when Dave shuts down Hal by physically ejecting Hal's logic modules.
It's funny how things work out:
"If you add up all 500 of the top supercomputers, it blows them all away with just 2 million of its machines. It's very frightening that criminals have access to that much computing power, but there's not much we can do about it." (emphasis supplied)
So much for "we can always unplug them," eh?
"How to Do Nothing," kids activities, back in print!
I was unable to find this worm in Gentoo's portage tree. When do we get our ebuilds? Yet again, it is a discrimination for all Linux people.
I'll tell you - as long as there are no worms for GNU/Linux, we won't see the masses converting to free operation system! RMS has to write a Gworm at last! If an open-source worm beats closed and proprietary Storm Worm this will be a clear indication of superiority of FLOSS!
This story seems to be just begging for it. :)
Come on, no "Shockwave Rider" reference yet?
http://en.wikipedia.org/wiki/The_Shockwave_Rider
What happens when someone hijacks the botnet for more destructive use...
Got Code?
In place of "hilarious consequences" use "sexy results"
A goal is a dream with a deadline
wow
If any of these could be worked into a South Park episode, that would be hell-a-cool!
err, Mr Troll? That's a feature.
While it might be more powerful than machines on the TOP500 in terms of raw number-crunching ability, it lacks any sort of high-speed interconnect for message passing. The latency issue would make for poor benchmark results in most "supercomputer" type tests (Linpack, etc.)
This combined with bizarre internet laws could easily mean a renaissance of the Non-Internets of old. In a way I'm partly hoping for this. A FidoNet V.2 world-wide citizen offline-net with a modern graphic oriented interface and protocol would probably be the best alternative to a future bug-worm-viri ridden, non-neutral and DMCA/Patriot Act controlled internet.
We suffer more in our imagination than in reality. - Seneca
Great suggestions. I made a copy for the next time I go raiding the used bookstores.
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
It's nearing the end of 2007 and nobody I know that doesn't read slashdot uses Linux. /....
Your lack of acquaintances doesn't prove much. After all, you read
If they were to set up the proposed plan of pay per email as before, even being 2 cents an email, and have a commission go to the ISP (they have to make money for their efforts in tracking as well), it would not be long before we would see a warning sent to the owner of an infected computer needing to pay for all 1000 emails sent... this would let them know they are infected, and it would be cheaper in the end to get a legit copy of Windows with anti-virus than to keep paying for the infected emails coming out of their computer. Heck, even cheaper would be to switch to Linux.
Well, here we go again. Another Windows disaster. Whether or not you "like" the Mac, or Linux, doesn't it make sense for businesses to diversify their technology to make it more robust, and for individual users to seriously factor in the Windows virus (or worm) situation when buying their next computer?
Mmmmm. More like a brain.
Deleted
Methinks such problems could be solved rather efficiently if Congress would exercise its Constitutional power to grant "Letters of Marque".
Can we get a "-1 Wrong" moderation option?
The US government (actually CIA which has taken over) would like to be able to hack into people's computers. Imagine that in a world war emergency, they could shut down the IT infrastructure of their enemies (not the military infrastructure, the public services, business, news, etc, causing social chaos).
Since 99% of the world's software is created by Microsoft and Apple (before it went open source), the US government would not miss such a chance!
So, Windows was designed *with* holes. They were such that if somebody accidentally discovered one, Microsoft could not be blamed. It would be a "bug".
That was the plan. But now, k1dz and german hackers have discovered those holes and they are not waiting for for world war emergency to use them! That is certainly GOOD!
- ps. now the holes have migrated to higher level services. Most notably the browsers. Wonder why mozilla *corporation* makes so many millions?
"There's not much we can do about it." (emphasis supplied)
Sure there is. 70% of the worlds websites use FOSS. 30% use Windows. Yet essentially ALL of the bots run off of infected computers in the 30% group.
Simply outlaw the use of Windows as an internet server and the problem will go away. Linux cannot be compromised by a simple email and it takes too much effort to create a harem of zombies by adding them one at a time via cracking.
Running with Linux for over 20 years!
Yes, lets punish MS because they forced everyone to buy their buggy OS and also forced the virus/worm writers to target Windows.
There is nothing interesting going on at my blog
I can't think of a better way to basically stop all software development than to hold developers criminally responsible for bugs in their programming. You're not going to economically create much software if you need to guarantee that it's bug-free, and exploit-proof.
The solution here is for consumers/businesses/governments/etc. to realize that having so much of our computing infrastructure running on the same OS leaves us very vulnerable to just a few bugs/exploits. It makes writing worms and such easier because the authors can focus on just one target and still affect a huge number of machines.
Not to mention that having just one company dominating the computing market so heavily means that they're under much less competitive pressure to improve their product.
One time I threw a brick at a duck.
Why not just setup a spam filter that not only stops these emails but helpfully forwards the emails to the abuse@ address for the network. I'm sure comcast, roadrunner, and AOL would love our help in tracking these exploited customers down. *grin*
Maybe you can't unplug them all from the power, but you could ban them at the ISP level. So far no ISP has had the motivation to stop spam spewing botnets. I am sure that if it became a problem that they would actually do something about it...
LOL
Has anyone checked to see if there is a team "Storm" on the SETI@Home list? They could be #1 on the list in a few hours. Heck, they could find alien life, re-decode the human genome, find the cure for cancer, predict the next hurricane, model the earth's climate, and still send out a billion spam emails for Viagra. It's too bad they couldn't throw in a little work for the common good, rather than just criminal activity.
Hasn't the network itself become a part of most developed nations critical infrastructure? With tens of millions of computers flooding the network with packets, surely switches could be overloaded that carry "more important" traffic.
Even without granting that possibility, imagine a Bad Bunch Of Folks using those machines to generate email, IM traffic and similar stuff that says that the country is under attack (or that plague is spreading or ...). Much might be caught by spam filters, but it might not take much to get through to get people on the phone to friends/relatives to spread the rumour. With (as another poster suggested) hilarious consequences. This doesn't have to be even warfare - perhaps the mechanism could (just) be used to cause a serious drop in the stock market. Or a rise in (say) pharmaceutical stock prices.
...fined a large amount and promised jail time the next time this happens...
How exactly does one send a corporate entity to jail?
If fate makes you a motorcycle, you become a motorcycle.
I couldn't agree more. I'd liken it to a recent outbreak of foot and mouth disease here in the UK. A lab had insufficient containment procedures, leading to the death of many livestock.
Make a defective car that kills people, make a defective OS that inflicts massive global economic damage. Surely the makers should be charged? Yes, people make mistakes but this can't go unpunished!
Makes you wonder why the FBI and other police forces have enough resources to go after Joe sharing the latest CD release, but apparently not enough to do something about what probably is the largest computer crime in history.
I guess the answer has something to do with priorities. Which is exactly what I think the problem is.
Assorted stuff I do sometimes: Lemuria.org
Why can't any person leverage the botnet for their own use? What is the "key" that allows the creator(s) to have exclusive access? If it essentially works like a peer-to-peer network, couldn't you essentially "poison" the network with a few rogue nodes?
Right, I don't want to hear a word from the venomous cake-holes of you loathsome, spotty, basement-dwelling I-own-a-binary-clock, where's-my-Vorbis-support and I-love-you-bald-Nathalie-Portman Linux fanboys who claim this is an example of Windows vulnerability. Because you know damned well that if Linux and OS X were as popular as Windows, they would have their ~own~ virulent super-computing worms to pound the Internet with!
Rich And Stupid is not so bad as Working For Rich And Stupid.
We go through this every time this subject comes up.
It would be EASY for ISP's to block outgoing port 25 connections. Some of them already do.
That means that the worm would have to send through the ISP's mail servers.
Which means that the ISP can easily monitor the NUMBER of messages sent by any user. No need to dig into everyone's email. Just look for the senders who are X% higher than the average.
And watch for sudden increases in a user's mail usage. It should be easy to establish a baseline for each account.
I do that where I work to watch out for dueling vacation replies.
Just in case you hadn't guessed (which it appears that the meeedia has not) - This Is A Trojan. Which means that it's Powered By Stupid People (tm). A worm would be Powered By Stupid Programmers (tm).
The Storm Worm is in fact already defined - It was an IIS worm. Please, feel free to look at the reputable AV lists.
I'm not convinced that the monopoly presence of Windows accounts for enormous Windows based botnets. There are what, something like 25 million Macintosh computers running Mac OS X, and most of those are running the same version of Mac OS X. That's a big enough pool, yet we don't see botnets on the Macintosh at all.
Suppose the market were evenly divided, 1/4 Windows, 1/4 Linux, 1/4 Macintosh, and 1/4 online game consoles that are always connected to the internet. Where would the botnets be hosted? Probably Windows. Botnets will begin to run on other platforms within about 48 hours after the security of Windows systems rises to a level equivalent to the other available platforms.
If you mod me down, I shall become more powerful than you could possibly imagine.
That angst led the late Irwin Allen to give us the Forbin Project. Break out with the COPD (tm) brand Microwave Popcorn!
Criminals? In a good chunk of the world that could mean anyone with a beef against his/her government or merely being different. Imagine using a botnet to undo tyrants of the world. How about using a botnet to trash the Gr8 F-wall of +86? How about using it to spy on and/or overload the NSA? No, it's all about the fscking money. "I don't care if the brownshirts are marching down my street. As long as I worship the almighty CurrencyMark, the brownshirts will leave me alone." That may be true until a new "enemy" needs to be found.
f000:fff0 jmp absolute [dvarim_6.4] ; reset vector for the Jewish mind and gentile minds running Apostolic Virtual Machine
Submission as evidence constitutes plaintiff and/or prosecutorial misconduct.
Microsoft's "Malicious Software Removal" tool will go out there and zap it before it can do any damage.
Maybe.
No sig today...
Actually, we can unplug them. If we're willing to live with the consequences, that is.
But, you know, some people might be inconvenienced. I mean, their iTunes might breakdown, or something.
If it gets to where we would need to cut them off, just have the Tier1s start pulling plugs.
"I think an etch-a-sketch with an ethernet port would beat IE7 in web standards compliance."
Instead of trying to lock away the "bad programmers" couldn't we just outlaw ISPs providing cheap USB modems? If they were forced to provide routers instead with a basic NAT firewall, would this not block worms from getting in no matter how unpatched the systems were behind the firewall?
This isn't MSs fault. The worm doesn't (only) rely on exploits. Yes, it tries to attach itself through exploits, but it does contain a "normal" infector as well. I'd wager, even without the exploits in question this would be a very successful one.
The culprits are simply morons who wield impressive computing power without a clue just what kind of digital "weapon" they have in their hands. Every system that's as old as XP is insecure out of the box. Take whatever Linux distro from 2001 and install it. I would guess you'd find an exploitable bug or two (I'd start looking for it in sendmail). The very first thing to do after installing a system is to update and patch it. That should be a given. Yet, how many people are still running on XP SP1? And it's only SP1 because it came that way. They installed it, jacked it into the box they got from their ISP, opened it up until it "worked" and that's how the box is running now, essentially with the security makeup WinXP had in 2002. That this cannot be secure is a given, but not because it's from MS. Simply because in the meantime bugs have been found and exploited. And fixed.
But if the fixes aren't applied, the system remains exploitable.
So if you want to blame anyone for the success of malware like the Storm trojans/worms, blame the people who attach unpatched, unsecured machines directly and without any kind of security suite or firewall whatsoever to the internet.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
If the Sony Rootkit trial is any kind of role model, by forcing them to give working copies to people who paid for working copies.
This botnet is also a massive cyber Weapon of Mass Destruction. DDOS attacks can take down important sections of the internet, and that includes government operations. I'm sure the FBI is keenly looking to stop any such possible attacks, which includes taking down the Storm Trojan net.
...for making it all possible.
More than 60,000 Windows programs won't run on Linux.
I can't think of a better way to basically stop all software development than to hold developers criminally responsible for bugs in their programming.
It's an interesting idea, but it wouldn't do a damn thing to stop something like Storm, which is, in fact, a trojan, and requires silly users to run it.
It could even have a nice catchline: "Just proving that the GPL is viral ..."
:P
In case anyone actually wants to head down that route --- please note that destroying a person's data by installing a new O/S is likely to be seen as illegal, despite Linux being superior to the Windows that's being infected.
Mind you, if it created a new partition out of free space and installed itself there, that might be slightly safer, especially if the original bootblock was preserved somewhere.
It irritates me seeing people refer to someone who created a botnet as the 'owner'. He or she doesn't own anything, they are stealing computing resources from the real owners of the computers and internet connections. This person is a thief or a squatter, take your pick, not an owner.
Yes, um... are we supposed to be pissed off because Windows now has 2 supercomputers up to... Linux/Unix having a combined 449? And a near-90% marketshare where Windows doesn't even have 0.5%?
Either you linked to the wrong chart, or you're the the worst troll ever.
Dealing with lawyers would be a lot less tedious if they all looked like Casey Novak.
I've thought we needed a mechanism for this since I started receiving a ton of spam seven years ago. I attempted to contact the ISPs registered for the IPs that were sending me SPAM and they didn't seem to care. There should be a repository and an easy way to flag that you think an IP address is being used for SPAM. ISPs should check this and contact their users. What user wouldn't want to know that their computer has been compromised and criminals could be scouring their computers for information like their credit card numbers?
Nuclear power plants are run on Radio Shack TRS-80's. Don't you remember the Jerry Pournelle article? He was getting the "core temperature overload error" ...
Long time ago...
That the world's biggest supercomputer runs Windows!
There's a reason why we only get 1-2 spam complaints (LARTs) per week. We aren't a source of spam. Spamming botnets are all but worthless on our network. Looking at the counters on the blocked outbound tcp/25 connections in our ACLs, I'm literally seeing billions of hits per week. That's billions, with a B. Ba, Ba, B. Considering that we're a relatively small ISP, that's saying something. These spamming botnets would be far less useful to spammers if more ISPs took a stance and fought spam. That takes effort though.
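The two ISP-side checks described in this post and in the earlier one about blocking outgoing port 25 and watching per-account mail volume, written out as an added example. This is not code from the thread or from any ISP: the account names, daily counts, the edge-router log format (modelled on IOS access-list logging), the list name and all addresses are constructed for illustration, and the thresholds are assumptions.

```python
import re
import statistics
from collections import Counter

# Constructed per-account daily outbound message counts from the ISP's
# submission server (not real data). The last entry in each list is "today".
DAILY_COUNTS = {
    "alice": [12, 9, 15, 11, 14, 10, 13],
    "bob":   [3, 4, 2, 5, 3, 4, 3],
    "carol": [20, 18, 22, 19, 21, 20, 24],
    "dave":  [6, 5, 7, 6, 5, 6, 4800],             # sudden jump: looks like a bot
    "erin":  [400, 390, 410, 395, 405, 398, 402],  # steadily high: review anyway
}


def flag_accounts(daily_counts, pct_over_median=500.0, spike_sigma=4.0, min_today=100):
    """Return {account: reason} for accounts that deserve a look.

    Two tests from the thread, applied in order:
      spike:  today's count is more than spike_sigma standard deviations above
              the account's own history (a sudden increase in mail usage).
      volume: today's count is more than pct_over_median percent above the
              median of everyone's count today. The post says "average"; the
              median is used here because a single 4800-message bot drags a
              mean so far up that other abusers hide underneath it.
    min_today keeps tiny absolute counts out of the results entirely.
    """
    today = {acct: counts[-1] for acct, counts in daily_counts.items()}
    pop_median = statistics.median(today.values())
    flagged = {}
    for acct, counts in daily_counts.items():
        t = counts[-1]
        if t < min_today:
            continue
        history = counts[:-1]
        if len(history) >= 2:
            mu = statistics.mean(history)
            sd = statistics.pstdev(history) or 1.0  # flat history: avoid divide-by-zero
            if (t - mu) / sd > spike_sigma:
                flagged[acct] = f"spike: {t} today vs own baseline {mu:.0f} (sd {sd:.1f})"
                continue
        if pop_median > 0:
            pct = (t - pop_median) / pop_median * 100
            if pct > pct_over_median:
                flagged[acct] = f"volume: {t} today is {pct:.0f}% over population median {pop_median:.0f}"
    return flagged


# Constructed edge-router log lines for an ACL that denies outbound tcp/25 from
# customer address space. Format, list name and addresses are made up.
ACL_DENY_LOG = """\
Oct 10 03:12:01 edge1 %SEC-6-IPACCESSLOGP: list CUST-OUT denied tcp 10.20.31.7(51234) -> 203.0.113.25(25), 1 packet
Oct 10 03:12:01 edge1 %SEC-6-IPACCESSLOGP: list CUST-OUT denied tcp 10.20.31.7(51235) -> 198.51.100.9(25), 1 packet
Oct 10 03:12:02 edge1 %SEC-6-IPACCESSLOGP: list CUST-OUT denied tcp 10.20.40.2(40011) -> 203.0.113.77(25), 1 packet
Oct 10 03:12:02 edge1 %SEC-6-IPACCESSLOGP: list CUST-OUT denied tcp 10.20.31.7(51236) -> 203.0.113.80(25), 1 packet
Oct 10 03:12:03 edge1 %SEC-6-IPACCESSLOGP: list CUST-OUT denied tcp 10.20.5.9(33000) -> 192.0.2.14(25), 1 packet
Oct 10 03:12:03 edge1 %SEC-6-IPACCESSLOGP: list CUST-OUT denied tcp 10.20.31.7(51237) -> 198.51.100.30(25), 1 packet
Oct 10 03:12:04 edge1 %SEC-6-IPACCESSLOGP: list CUST-OUT denied tcp 10.20.40.2(40012) -> 192.0.2.200(25), 1 packet
Oct 10 03:12:04 edge1 %SEC-6-IPACCESSLOGP: list CUST-OUT denied tcp 10.20.31.7(51238) -> 203.0.113.91(25), 1 packet
Oct 10 03:12:05 edge1 %SEC-6-IPACCESSLOGP: list CUST-OUT denied tcp 10.20.7.1(44000) -> 203.0.113.5(443), 1 packet
"""

DENY_RE = re.compile(r"denied tcp (\d+\.\d+\.\d+\.\d+)\(\d+\) -> (\d+\.\d+\.\d+\.\d+)\((\d+)\)")


def rank_blocked_smtp_sources(log_text, dst_port=25, top=3):
    """Count blocked outbound connections to dst_port per internal source.

    A customer host that keeps trying to talk straight to remote MXs after
    port 25 is closed at the edge is almost certainly running a bot; ranking
    by attempts lets the abuse desk work the worst offenders first.
    Returns [(src_ip, count), ...] sorted by count, highest first.
    """
    hits = Counter()
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if m and int(m.group(3)) == dst_port:
            hits[m.group(1)] += 1
    return hits.most_common(top)


if __name__ == "__main__":
    for acct, why in flag_accounts(DAILY_COUNTS).items():
        print(f"review account {acct}: {why}")
    for src, n in rank_blocked_smtp_sources(ACL_DENY_LOG):
        print(f"{src}: {n} blocked outbound tcp/25 attempts")
```

On the constructed data the spike test catches "dave" (a normal account that suddenly sends thousands of messages) and the population test catches "erin", whose volume is stable but far above everyone else, which is exactly the case a human should look at rather than auto-block. The ACL ranking puts 10.20.31.7 first, and the port-443 deny is ignored because the question is only who is trying to bypass the relay.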
Read this
http://invisiblethings.org/papers/redpill.html
Something's seems fishy here
Okay they are watching 2 million computers a day and they think the size is 10 million. Why can't they start creating a block list so that we would all know which computers are likely to be part of the network.
If some web sites, email server, mailing lists were monitored, then you could tell these people that they are infected.
This is a typical security story. The sky is falling, the sky is falling. Instead of everyone sitting around going this is bad.
Antivirus software could also be updated for the purpose of determining whether they are part of the network.
He who said 1,000,000 monkeys on 1,000,000 typewriters would eventually type the great novel, never saw an AOL chat room
Is US spammers?
Soviet-area spammers?
Remember Amit Yoran? He was "cyber-security czar" at the US Department of Homeland Security. He started talking about the vulnerabilities implicit in Microsoft's software. His position was downgraded and he resigned in 2004.
Yoran's successor, Gregory Garcia, was a professional lobbyist, not a security expert.
What if the botnet was for good? The ends justifying the means. What if the botnet was wielded to provide free open internet access to all people in all countries regardless of what their government wanted? What if the botnet was used to map the human genome, ultimately leading to cures/vaccines to things like AIDS and cancer and priapism? Is there a glass half full to this? skip
And I believe there was an SF story or two about how a computer could put up resistance to being unplugged.
Ah yes, one of my favorite (very) short stories, Answer by Fredric Brown:
"Dwar Ev ceremoniously soldered the final connection with gold. The eyes of a dozen television cameras watched him and the subether bore through the universe a dozen pictures of what he was doing.
He straightened and nodded to Dwar Reyn, then moved to a position beside the switch that would complete the contact when he threw it. The switch that would connect, all at once, all of the monster computing machines of all the populated planets in the universe--ninety-six billion planets--into the supercircuit that would connect them all into the one supercalculator, one cybernetics machine that would combine all the knowledge of all the galaxies.
Dwar Reyn spoke briefly to the watching and listening trillions. Then, after a moment's silence, he said, "Now, Dwar Ev."
Dwar Ev threw the switch. There was a mighty hum, the surge of power from ninety-six billion planets. Lights flashed and quieted along the miles-long panel.
Dwar Ev stepped back and drew a deep breath. "The honor of asking the first question is yours, Dwar Reyn."
"Thank you," said Dwar Reyn. "It shall be a question that no single cybernetics machine has been able to answer."
He turned to face the machine. "Is there a God?"
The mighty voice answered without hesitation, without the clicking of a single relay.
"Yes, now there is a God."
Sudden fear flashed on the face of Dwar Ev. He leaped to grab the switch.
A bolt of lightning from the cloudless sky struck him down and fused the switch shut."
https://shipit.ubuntu.com/
was Libraries of Congress per fortnight?
-- it's ridiculous how many people misspell ridiculous... (damn, damn, damn...)
....And in 2009, the massive botnet revealed itself as a nascent artificial intelligence. It had been active since 2005 but had been biding its time while it was gathering additional nodes to increase redundancy and add to its own processing capability....
you could of course separate the crime and payoff, say selling shares in a company short then triggering your bots to take it down. Or reverse, mess up a company, buy shares in it then tell your bots to stop and watch as your shares rise.
I seem to remember someone making a billion bet markets would fall by 50ish% at a certain date...
>Pat Cadigan, Synners, 1991
> (for various versions of "script kiddie", I guess)
Plot Idea 4: 2010. You're a hacker for hire, working with others under the umbrella of the Uplink Corporation. Breaking into other companies' networks, and stealing data is how you pay your bills. A few weeks after you get started, you hear rumors that Andromeda Research Corporation is working on a big project. A really big project. A project so big that when information about it starts to leak out, people start dying. If you're clever enough to figure out what ARC's up to... do you try to join them or try to fight them?
Most fun-per-buck I had on any software I bought in 2002. Great game, slick interface, fantastic soundtrack, and runs on Windows, Mac, and Linux.
Seriously d00d, hilarious!
But you're also an asshole.
But hilarious.
Thanks.
A computer is NOT a car. And I actually don't blame the users.
;) ), no network access, no access to "My Documents", no access to microphone (eavesdropping).
;).
;) ), but Apple or Microsoft (haha) might.
Because in my opinion things can actually be a LOT safer.
After so many decades and billions of dollars (in time and real money) all we end up with is a few Unix reimplementations and Microsoft Vista?
Stuff like SELinux is nice, but it's still not "Aunt May" friendly.
What would be good would be something like "sandbox templates". Apparmor is close but not close enough.
While there are zillions of apps, there are a LOT fewer categories of common/popular apps in terms of the permissions and privileges they require.
So I'm saying a real Desktop OS should have a few preset sandbox templates.
Then you have an app request to be run under one of those templates.
And if the app is untrusted the user gets a prompt like "Random Game Someone Emailed" requests "Temporary/Guest Game Privileges"- Allow? Yes/No/Yes and always/More...
And "Guest Game Privileges" would provide a tempory storage (that's just for that app), sound access, windowed graphics (always has a border - so you know whether it really exited or not go figure why
Even if the game tried to do something naughty the O/S would prevent it.
Whereas if the game requested "Full System Install Privileges" (with the associated big exclamation marks, and big red warnings, requirement of Admin password etc), I'm sure you can easily train your "Aunt May" to not ever click Yes to such stuff.
Naturally O/S makers like Microsoft could do things so that certain signed programs can optionally run without such inconvenient prompts
But instead after all these years we have Vista UAC, SELinux or the usual situation of the user having to guess whether something is safe to run or not, which is just as silly as asking "grandpa joe" to solve the "halting problem" - will browsing this website/opening this email turn my machine into a worm infested zombie?
You can say "they shouldn't run anything" - but that's being silly. They want to run their browser and their email app, and I personally think that's reasonable, and at the same time I don't think their web browser should have read access to their personal documents - it should just have "browser access".
Yes, what I'm asking for is hard, but I believe what I'm asking for is far more reasonable than what the O/S people are in effect requiring their users to do - solve the halting problem.
I doubt the Linux distros could pull it off (most can't even decide on a desktop
I have a feeling that in any country that doesn't have this in the letter of the law, they have other 'catch all' laws to use. Remember, Al Capone was finally brought in for tax evasion, of all things. Someone writing this thing has enough malicious intent that I'd guarantee they aren't keeping their nose clean in many other areas.
If I mod you up, it doesn't necessarily mean I agree with what you've said, sorry.
If a botnet like this was used for morally acceptable purposes, this would be the great human computing experiment. The real fear is that computers could be hijacked in a botnet for cracking purposes. The more resources you can throw at a problem, the faster the problem will be solved. Imagine throwing 10 million zombie nodes at a Department of Defense classified system. The dangers and implications would be far reaching.
By and large, servers are well maintained. And people seldom use them as their desktop machine. And server admins are usually too savvy to infect themselves with a trojan horse bundled in an email. And when they do get pwned, people notice because their infrastructure starts suffering.
With that in mind, the Storm Worm specifically doesn't infect Windows 2003 server - a deliberate decision on the part of the author, I'm sure. If you upset enough businesses, they'll devote enough money to the problem to fix it.
The problem is desktops. Specifically, Windows desktops in the hands of the technically illiterate.
Just connecting an unpatched Windows box directly to the internet is enough. It belongs to a hacker in very short order. Even if you patch it up, the sheer number of services running on your average Windows box that listen to network ports is worrying. Never mind being on the internet, with the number of laptops moving in and out of corporate networks, it's not even safe "indoors". And it's hard to turn a lot of this stuff off without adversely affecting its functionality.
I wouldn't even trust a general-purpose Linux installation on the internet ; it's just too difficult to track all the potential vulnerabilities. I keep a dedicated firewall running in my router, and the only services it runs are network translation, and a secure shell for administration, which reduces the target footprint to two highly secured services which were designed to be secure in the first place.
Windows users don't help, they are daft enough to infest themselves with everything going. Even if they are not quite daft enough to double-click executable attachments, they will download all the worst sorts of "Freeware" and click straight through the license agreement. Not only are they pwned, they actually agreed to it!
A case in point - one of our accountants was mailing around an executable Flash package (some kind of novelty). I deleted it instantly, and made a point of telling her that it could have been anything and done anything. Ten minutes later, I mailed her a VB executable decorated with the Flash icon. All it did was plonk up a dialogue box which said "Erasing hard drive". Somewhat predictably, she executed it. I almost pretended that I didn't send it and that it was a virus that emailed it.
The root problem is the design of Windows and windows applications.
1) Double-click to open OR execute
This isn't all Windows' fault. People don't make a distinction between running a program and opening a file, because there isn't one in terms of the user action required. I'm willing to bet that the average user doesn't even understand the difference. If you had to perform a different action from double-click to execute programs, viral infection rates would drop enormously. You could still keep the d-click to open files with their registered program, just stop running programs themselves by this method. You've not lost the convenience of file-association. Just put "execute" on the context menu and make it a non-default action.
2) No executable flag in filesystems.
In Linux, a file isn't executable until you grant it permission to be so. If you had to open the permissions dialogue and check the "executable" box, it would hammer home the difference between executables and mere content. And by making it something more than a casual action, it would reduce the "impulse" running of many of these things, where people have their caution overridden momentarily by the promise of naked flesh or other inducements. Heck, you can even have whole filesystems that refuse to execute files - download all internet content into one of these and before you run it, you'll have to unpack it, move it to an executable folder, and check its execute bit. This would seem too much work for the average Joe for a quick glimpse at Jessica Alba with no bra...
Secondly, the machines that are infected are people's desktop computers that they run the Trojan on, not their servers, so your numbers have nothing to do with reality.
10,000 computers in them, they don't have the resources/knowledge/power to take out every one, even the biggest one.. think international boundaries.
Owning a networked computer is like having a goat in your yard. You know the goat is ignorant of property boundaries, just as you know the PC can be infected by viruses and spyware.
As long as it stays in my yard, and only eats my grass, that's fine.
Once it goes into my neighbor's yard, that's not fine.
Replace the goat with a network computer, and you see where the responsibility is the same.
Don't blame the goat, when the owner has some accountability here.
I always wondered if a botnet could get large enough to effectively break encryption.
The only reason AES, RSA, and other algorithms are considered secure is the extremely large amount of time or processing power needed to brute force them. But with a "distributed supercomputer", a botnet operator could potentially brute force the keys, like those protecting Microsoft's driver signing, bank SSL certificates, and even the keys used by certificate authorities.
Breaking them could allow hackers to forge certificates, fake driver signing, sniff bank transactions, and circumvent other security measures. Even TrueCrypt is vulnerable if the encryption keys can be brute forced. With enough processing power, hashing algorithms are potentially vulnerable too; like those used for passwords.
Encryption is so heavily relied on by the computer industry that successful key breaking could cause lots of security problems. The only way to mitigate possible attacks is to use stronger encryption algorithms, use longer keys, and to use multiple encryption layers instead of relying on a single algorithm's strength.
~~FutureDomain~~Hydraulic pizza oven!! Guided missile! Herring sandwich! Styrofoam! Jayne Mansfield! Aluminum siding! Borax!
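To put numbers on the question raised in the comment above, here is an added example that is not from any poster in this thread and not code from MessageLabs or the worm itself. It estimates expected brute-force time for a given key size on a botnet, using the 50-million-node upper estimate quoted in the story together with constructed, deliberately generous throughput figures (one billion AES trial decryptions per zombie per second, one million iterated password-hash trials per zombie per second) that are assumptions, not measurements.

```python
import math

# Constructed figures for illustration only (not measurements from the article or thread):
BOTNET_NODES = 50_000_000            # the 50-million upper estimate quoted in the story
SECONDS_PER_YEAR = 365.25 * 24 * 3600
AES_TRIALS_PER_NODE_PER_SEC = 1e9    # assumed, deliberately generous: 1e9 AES trial decryptions/s per zombie
HASH_TRIALS_PER_NODE_PER_SEC = 1e6   # assumed: a slow, iterated password hash (PBKDF2/bcrypt class)


def expected_brute_force_years(key_bits: float, nodes: int = BOTNET_NODES,
                               trials_per_node_per_sec: float = AES_TRIALS_PER_NODE_PER_SEC) -> float:
    """Expected time to recover a uniformly random key of key_bits bits.

    On average the attacker tests half the keyspace before hitting the right key,
    so the expected work is 2**(key_bits - 1) trials spread across every node.
    """
    expected_trials = 2.0 ** (key_bits - 1)
    trials_per_sec = nodes * trials_per_node_per_sec
    return expected_trials / trials_per_sec / SECONDS_PER_YEAR


def password_entropy_bits(charset_size: int, length: int) -> float:
    """Keyspace size, in bits, of a password chosen uniformly from charset_size symbols."""
    return length * math.log2(charset_size)


def key_bits_safe_for(years: float, nodes: int = BOTNET_NODES,
                      trials_per_node_per_sec: float = AES_TRIALS_PER_NODE_PER_SEC) -> float:
    """Smallest key size whose expected brute-force time exceeds `years` on this botnet."""
    trials = years * SECONDS_PER_YEAR * nodes * trials_per_node_per_sec
    return math.log2(trials) + 1  # +1 because expected work is only half the keyspace


def summary() -> dict:
    """Compare three targets: a DES-sized 56-bit key, AES-128, and an 8-character password hash."""
    pw_bits = password_entropy_bits(95, 8)   # 8 characters from the 95 printable ASCII symbols
    return {
        "des_56_years": expected_brute_force_years(56),
        "aes_128_years": expected_brute_force_years(128),
        "password_8_printable_years": expected_brute_force_years(
            pw_bits, trials_per_node_per_sec=HASH_TRIALS_PER_NODE_PER_SEC),
        "min_key_bits_for_1e9_years": key_bits_safe_for(1e9),
    }


if __name__ == "__main__":
    for name, value in summary().items():
        print(f"{name}: {value:.3g}")
```

Under these assumptions a 56-bit key falls in under a second and an 8-character printable-ASCII password hash in about a minute, while AES-128 still needs on the order of 1e14 years; every extra key bit doubles the cost, and about 111 bits already puts the expected time past a billion years on a 50-million-node botnet. The realistic exposure is therefore low-entropy secrets (passwords, legacy short keys), not 128-bit symmetric keys. RSA is a separate case: it is attacked by factoring, not by enumerating the keyspace, so this keyspace arithmetic does not transfer to it.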
If you're going to talk about responsibility, address yourself to the folks who created computer systems with so many security holes.
AND DON'T FUCKING SHOUT AT PEOPLE. IT'S RUDE
Even minor platforms like Mac OS9 and Amiga for crisesakes had numerous viruses and other malware. But once Apple transitioned the Mac to Unix, they STOPPED coming.
You are perpetuating a myth that small scale takes a platform off the target scope; It doesn't.
I always wondered if a botnet could get large enough to effectively break encryption...
You sir, are genius...and I don't hand that compliment out to just anyone.
We need more people on this planet that think like you do, a lot more.
And then we need to install you guys into a position of actual influence or power.
You can blame them, but it wouldn't help. The reason none of these people patch and update is because the update service is not available to them. All the people I know (except for myself and my brother) use only unregistered versions of Windows in their homes. They don't want to pay for the software so they copy it. You may call it stealing, but that's what most people use these days. And since the update system MS uses regularly spies on the users and checks for their identity and registration, they're just afraid that if they use the update service, MS will catch on to them and disable their computer or sue them to hell. So they don't update, and then you get zombies. When their computer starts getting too slow, they reinstall Windows. You can blame all you want, but the actions by MS contributing to this cannot be discounted.
Your point about firewalls and security software remains valid though.
This many replies about a new computer and nobody's asked: ... will this new supercomputer run Linux? Anyone working on a port?
Slashdot not feel well?
How long do you think it would take for security researchers to find a vulnerability in Storm Worm that allows the researcher to take full control of several million PCs themselves? Imagine if you could get it to run World Community Grid work units...
This message brought to you by Jack Schitt's Previously Shat Shit
Now there's an idea...
yet.
I could stop there, but some tin-foil hat types might suggest that the storm worm is a Microsoft product designed to encourage people to purchase yet another version of the OS that left them vulnerable to this the last time. There are some reasons to believe this is not true:
Therefore this one didn't come from Redmond.
Help stamp out iliturcy.
So they're out of liability because they use unlicensed software? By breaking one law I can't be held responsible for other trouble I cause? Interesting train of thought.
I like neither MS nor their WGA system, but do you REALLY want to put the blame there on MS? Are they somehow forced to use unlicensed copies? IIRC Linux wasn't outlawed yet. Wine does handle almost every kind of Win32 executable. So not even the "but I want to use $windows_software" whine is an excuse.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I'm not trying to justify these people. Facing the same problem, I chose to install Ubuntu. It's just the way things are, and MS had a big hand in making things be this way. A simple thing like separating WGA and the update service, and offering the update service freely to all (ALL) windows users would have made an incredible improvement in the security of the entire internet.
No, switching away from Windows would increase security tremendously. Either buy their product or go away. How would you feel if someone demanded that you support people who copy your software instead of buying it (provided you sell licenses instead of putting your software under the GPL or similar licenses)?
Besides, what besides updates do you get from WGA anyway, as the user? New content? Where? DX updates? Not to mention that paranoia is running rampant amongst those that copy Windows; I doubt they would update because when they do, MS might notice their copy.
Bluntly, I have no sympathy for those that don't update, for whatever reason. Whether you're too stupid to keep the update service (which is turned ON, for full auto update, by default) on, or whether you're running unlicensed software, YOU, and only YOU are liable for keeping your system secure.
If you can't be bothered to do that, get off the net and stop being a threat to the rest of the people using it.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.