Storm Worm Botnet Partitions May Be Up For Sale

Bowling for cents writes "There is evidence that the massive Storm Worm botnet is being broken up into smaller networks, and a ZDNet post thinks that's a surefire sign that the CPU power is up for sale to spammers and denial-of-service attackers. The latest variants of Storm are now using a 40-byte key to encrypt their Overnet/eDonkey peer-to-peer traffic, meaning that each node will only be able to communicate with nodes that use the same key. This effectively allows the Storm author to segment the Storm botnet into smaller networks. This could be a precursor to selling Storm to other spammers, as an end-to-end spam botnet system, complete with fast-flux DNS and hosting capabilities."

Slashvertising.

[onion2k]

This slashvertising has reached a new low. ;)

Clever

[Billosaur]

The malware attacks behind this botnet have been relentless all year, using a wide range of clever social engineering lures to trick Windows users into downloading executable files with rootkit components.

Windows has downloaded a new security update. Do you wish to install?

Break the key with zombies?

[ralf1]

Can I buy a partition of zombie PC's and use their processing power to crack the 40 bit key?

Re:Break the key with zombies?

[Silver+Sloth]

40 bytes = 320 bits, which is not feasible to crack with modern technology. Yes, it can, I've read Digital Fortress, the Dan Brown book. What do you mean, that was fiction? Next you'll be telling me the DaVinci Code isn't true!

Just curious..

[What+the+Frag]

... can the partitions be formated with ext2/3 or do have we stick to NTFS?

Re:What is fast flux DNS?

[Wolfrider]

Perhaps it utilizes a flux capacitor - and can thus do single OR double, depending on requirements of the moment? ;-)

Re:What is fast flux DNS?

[shotgunsaint]

1.21 Gigabots? Why, the only thing that can generate that kind of current is... the Storm Botnet!

Rename

[surajbarkale]

It's about time we start calling it Skynet

Re:How can you tell if you are infected?

[Chapter80]

I think the best way to tell if you are infected is to monitor your network traffic. Ideally, from an independent machine watching the traffic. (Not that I have ever done this, but it seems like the most fool-proof method.)

I am up to date with everything (AV, FW, Widows Patches)

What are you up to? Dating patches of women who lost their husband? Yeah, that might infect you! ;)

the point

[commodoresloat]

If 90% of what you get for connecting to the Internet is problems, what's the point? Bile spewing bloggers, bought-and-paid news reports and total advertising awareness? pr0n?

c4v3aT 3mpt0R

[xactuary]

The partition you just purchased is on your own hard drive.

CmdrTaco is behind this

[Experiment+626]

The updates are part of the Slashdot tenth anniversary auction. In addition to the @slashdot.org address and low user id, CmdrTaco has also gotten the operators of the Storm Worm Botnet to auction its use off as part of the charity action.

Some potential uses for the winning bidder:

• No longer will you have to only imagine having a Beowulf cluster of those.
• Create your own Slashdot effect at the push of a button.
• Thousands of Slashdot sock puppet accounts at your beck and call, ready to mod you up, karma-assassinate your foes, or post supportive replies to all the drivel you post.
• Bring the parallel power of distributed computing to bear on problems like cracking DRM, modelling global warming, or ray tracing pictures of Natalie Portman with hot grits.
• DDOS the RIAA / SCO / Diebold / whoever and become an instant Slashdot hero.
• In Soviet Russia, spammers inboxes get flooded by YOU!