Storm Worm More Powerful Than Top Supercomputers
Stony Stevenson writes to mention that some security researchers are claiming that the Storm Worm has grown so massive that it could rival the world's top supercomputers in terms of raw power. "Sergeant said researchers at MessageLabs see about 2 million different computers in the botnet sending out spam on any given day, and he adds that he estimates the botnet generally is operating at about 10 percent of capacity. 'We've seen spikes where the owner is experimenting with something and those spikes are usually five to 10 times what we normally see,' he said, noting he suspects the botnet could be as large as 50 million computers. 'That means they can turn on the taps whenever they want to.'"
[ASCII art banner: "Storm Not A Worm"]
Yes, nasty ASCII art.
Just in case you hadn't guessed (which it appears that the meeedia has not) - This Is A Trojan. Which means that it's Powered By Stupid People (tm). A worm would be Powered By Stupid Programmers (tm).
The Storm Worm is in fact already defined - It was an IIS worm. Please, feel free to look at the reputable AV lists.
Device drivers installed and the presence of an 'interface' device between host and guest OS, most likely. At least, I know that VMWare Server and Microsoft Virtual PC 2007 both present a device that, once proper drivers are installed for OS integration, will allow the guest and host to operate cooperatively. Even if the drivers aren't installed, the device is still there and could likely be probed for its existence.
Of course, this is just a guess.
And your guess is correct, a program must simply check for device IDs, for example, the video card:
00:0f.0 VGA compatible controller: VMware Inc [VMware SVGA II] PCI Display Adapter
These can't be changed on VMware, but in theory they could be changed in VirtualBox or BOCHS for example.
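An added example, not part of any comment in this thread: a small audit an analyst can run inside a malware-analysis guest to list which PCI devices give the hypervisor away, using the device-ID check described above. The vendor-ID table is a non-exhaustive assumption taken from the public PCI ID registry, and every sample line except the one quoted in the thread is constructed.

```python
import re

# Assumption: non-exhaustive PCI vendor IDs from the public PCI ID registry.
HYPERVISOR_VENDOR_IDS = {
    "15ad": "VMware",
    "80ee": "VirtualBox (InnoTek)",
    "1af4": "virtio (Red Hat)",
}
# Fallback for plain `lspci` output that carries names but no numeric IDs.
NAME_HINTS = {"vmware": "VMware", "virtualbox": "VirtualBox", "virtio": "virtio"}

# "<slot> <class>: <description>"; the class may carry a [code] under `lspci -nn`.
LINE_RE = re.compile(r"^(\S+)\s+(.+?):\s+(.+)$")
# "[vendor:device]" pair printed by `lspci -nn`.
ID_RE = re.compile(r"\[([0-9a-fA-F]{4}):([0-9a-fA-F]{4})\]")


def find_vm_tells(lspci_text):
    """Return (slot, hypervisor, evidence) for each device exposing the VM."""
    tells = []
    for line in lspci_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        slot, desc = m.group(1), m.group(3)
        ids = ID_RE.findall(desc)
        vendor = ids[-1][0].lower() if ids else None
        if vendor in HYPERVISOR_VENDOR_IDS:
            tells.append((slot, HYPERVISOR_VENDOR_IDS[vendor], "vendor-id"))
            continue
        for hint, label in NAME_HINTS.items():
            if hint in desc.lower():
                tells.append((slot, label, "name"))
                break
    return tells


# Constructed `lspci -nn` lines, plus the plain line quoted in the thread (last).
SAMPLE = """\
00:00.0 Host bridge [0600]: Intel Corporation 440BX/ZX/DX Host bridge [8086:7190] (rev 01)
00:03.0 Ethernet controller [0200]: Red Hat, Inc. Virtio network device [1af4:1000]
02:00.0 VGA compatible controller [0300]: VMware SVGA II Adapter [15ad:0405]
00:0f.0 VGA compatible controller: VMware Inc [VMware SVGA II] PCI Display Adapter
"""

if __name__ == "__main__":
    for slot, hypervisor, evidence in find_vm_tells(SAMPLE):
        print(f"{slot}: reveals {hypervisor} (matched by {evidence})")
```

Any device it reports is something a sample running in that guest can also see, so the list shows which virtual hardware would need to be replaced or passed through before the lab looks like a physical machine.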
For bonus points, you mail them a bootable CD through the postal system that will scan their machine and remove the infection, so the virus can't intercept the antivirus downloads and break them.