Slashdot Mirror

← Back to Stories (view on slashdot.org)

Storm Worm Botnet Partitions May Be Up For Sale

Posted by ryuzaki0 on from the if-only-they'd-use-their-powers-for-good dept.

Bowling for cents writes "There is evidence that the massive Storm Worm botnet is being broken up into smaller networks, and a ZDNet post thinks that's a surefire sign that the CPU power is up for sale to spammers and denial-of-service attackers. The latest variants of Storm are now using a 40-byte key to encrypt their Overnet/eDonkey peer-to-peer traffic, meaning that each node will only be able to communicate with nodes that use the same key. This effectively allows the Storm author to segment the Storm botnet into smaller networks. This could be a precursor to selling Storm to other spammers, as an end-to-end spam botnet system, complete with fast-flux DNS and hosting capabilities."

2 of 192 comments (clear)

  1. Re:What is fast flux DNS? by Ant+P. · · Score: 5, Informative

    It means the spammers register a bunch of domain names to spam in their emails, and rotate the zombie PC IP they're pointing to every few minutes. Makes it harder to shut down.

  2. Bruce Schneier discusses the Storm Worm by Zymergy · · Score: 4, Informative

    http://www.schneier.com/crypto-gram-0710.html#1
    A good essay on the Storm Worm and how it works and how it can be prevented (or rather why it CAN'T be prevented in many cases).