Storm Worm Botnet Partitions May Be Up For Sale

Bowling for cents writes "There is evidence that the massive Storm Worm botnet is being broken up into smaller networks, and a ZDNet post thinks that's a surefire sign that the CPU power is up for sale to spammers and denial-of-service attackers. The latest variants of Storm are now using a 40-byte key to encrypt their Overnet/eDonkey peer-to-peer traffic, meaning that each node will only be able to communicate with nodes that use the same key. This effectively allows the Storm author to segment the Storm botnet into smaller networks. This could be a precursor to selling Storm to other spammers, as an end-to-end spam botnet system, complete with fast-flux DNS and hosting capabilities."

How long before..

[monk.e.boy]

How long before Storm is better than the Internet?

It seems to be peer-2-peer, can host files, must be reliable (DNS and all that), encrypted traffic.

If you assume Internet is past its sell by date, what would the next generation network look like?

:-)

(OK, maybe it wouldn't be owned by the mafia (insert USA joke here))

Re:Survival of the fittest in action

[Cato]

Here's a small and possibly unrepresentative datapoint from last weekend that would tend to suggest there are a lot of infected PCs out there, some of them with Storm. Basically, 2 of 3 PCs scanned had backdoor trojans and I didn't have time to debug the third PC enough to scan it.

I spyware scanned three PCs belonging to two friends/family households. Naturally, they were all Windows. I used Webroot Spysweeper which is pretty good but costs, and Kaspersky online scan, which is good but slow, and virus only.

- PC 1: infected with various spyware and a backdoor trojan (remote access by the bad guys) - had an up to date antivirus (AVG) that didn't spot any of this, but no anti-spyware installed.

- PC 2 (same network as 1): couldn't even install new software (error on running any new .EXE), ran out of time to debug this so did not install Webroot or any other tools. Also had AVG antivirus, which was up to date, and no anti-spyware. Presumed infected.

- PC 3: (2nd household) - infected with a different backdoor trojan and several viruses. Had Norton anti-virus that had not updated since 2004.

I would assume the average Windows PC has a high chance of some sort of infection, unless the users are very careful about installing third party software, some of which carries spyware or worse, and clicking on links in IE. Even Firefox had spyware on one of these machines.

Windows PCs run by power users (not the users here) can be somewhat secure, but it's painful to make them so. One colleague who's very techie still got infected by a PDF security hole recently, so you need Secunia PSI to run continuously, as well as monitoring some security blogs, and updating software regularly, as well as using a good anti-spyware tool, not using IE/Outlook, etc etc. However, once you are making this much effort, the work needed to install Ubuntu becomes much less of a hurdle - you might as well just switch over one PC so you have a safe PC for online shopping/banking etc.

The only good thing about this story is that nothing very important was being done on these PCs - little online shopping and no online banking... however, that's the users' self-reported status and they may well not want to admit they are at risk.

I don't do this for a living, I'm just a Windows and Linux user who wondered why there were so many popups on one of these PCs and ended up getting sucked into this when I should have been socialising - fortunately anti-spyware scans can run during dinner...