Storm Worm Being Reduced to a Squall

Rumours of financial schemes surrounding the botnet aside, PC World has an article that should lower the blood pressure of some SysAdmins. The Storm Worm botnet is apparently shrinking. A researcher out of UC San Diego who has been tracking the network has published a report indicating it is now only 10% of its former size. "Some estimates have put Storm at 50 million computers, a number that would give its controllers access to more processing power than the world's most powerful supercomputer. But Enright said that the real story is significantly less terrifying. In July, for example, he said that Storm appeared to have infected about 1.5 million PCs, about 200,000 of which were accessible at any given time. Enright guessed that a total of about 15 million PCs have been infected by Storm in the nine months it has been around, although the vast majority of those have been cleaned up and are no longer part of the Storm network."

Re:Spread of Windows

[sakdoctor]

I'd say enforcement of Windows piracy is the least lax that it has ever been.
WGA raises the barrier of casual copying to lusers who's skill wouldn't have been enough to stop them getting pwned by some virus, and being incorporated into a botnet.

Re:Spread of Windows

[$RANDOMLUSER]

Or possibly it's the lax enforcement of security standards by Redmond programmers? Or the lax attitude of Microsoft about all things not directly related to increased sales and world hegemony?

Re:Spread of Windows

It's probably just that the owner of the network doesn't like the publicity and is moving a good proportion of the nodes to less conspicuous means of communication, or even temporarily deactivating nodes. If the secutiry guys manage to disable the main Storm network, they may find that the parts they disabled are no longer necessary for the hacker.

don't be sure

[phantomfive]

The researcher determined this with a spider he created to crawl the storm network. How does he know that the network is shrinking and not just being partitioned?

Furthermore, the storm virus is known to be updatable. Is it possible it was updated to be even less obtrusive, thus escaping detection in other ways? Maybe it has gone into dormant mode, because the creator doesn't need so many computers at the moment.

One interesting innovation of the worm, quoted from the article:

"If you're a researcher and you hit the pages hosting the malware too much... there is an automated process that automatically launches a denial of service [attack] against you," he said. This attack, which floods the victim's computer with a deluge of Internet traffic, knocked part of the UC San Diego network offline when it first struck.

I think some part of me must be sick or something, because when I read about this I almost hope the worm will get bigger, become unstoppable, and reveal windows for the insecure piece of crap that it is. Linux, BSD, OSX, Solaris, and heck even Minux could clearly stand up to a threat like this much more easily than Windows.

Re:don't be sure

[John+Hasler]

> I think some part of me must be sick or something, because when I read about this I
> almost hope the worm will get bigger, become unstoppable, and reveal windows for the
> insecure piece of crap that it is.

Already been done. Nobody cares.

Re:don't be sure

[phantomfive]

Heh, I knew someone was going to trot out this old troll. The point is, it would be much easier to secure unix-type systems than windows-type systems. Compare Microsoft's budget to that of OpenBSD; now tell me, which is more secure?

For it to be effective as a virus, it is going to have to install itself to startup somehow. What is going to do, add a line to my .bashrc? Add a script to /etc/rc.d? It can't do that, only root can, and I don't browse the internet as root. Nobody does.

You may say, "it will prompt you for the password and idiot users will just type it" but you are showing your Windows bias. On windows, you get so many popup prompts that many users just ignore them and do whatever they ask. OSX has shown that it can be done differently, however. Ask any average OSX user what they would do if a downloaded attachment asked them for their root password, and they will say something to the effect of, "Freak out and delete it immmediately." It's because the warnings and prompts in OSX don't become annoying.

Security on Windows is hard. For any vulnerability, it takes a lot more effort to fix on Windows than a similar vulnerability in a Unix system. In unix-world, fixing the OS is an option.

Re:Spread of Windows

Thats part of the problem. One of the ways they protect against privacy is keeping you from getting updates. This leaves unpatched pirated systems out there. Since there is no real legal threat for the average user the only real motivation for a person to get a legit copy is so they can get security updates easily. Joe Six Pack is just going to borrow that pirated copy of XP his buddy picked up at a flea market. OP brings very valid point

Re:Spread of Windows

[ILuvRamen]

if everyone used Mac OS or a Linux distribution then malware makers would target them. They only target windows cuz it's popular. Come on, everyone knows that.

Mac and Linux users

[gillbates]

Just breathed a collective sigh of relief...

Oh wait, maybe they were just rolling their eyes and sighing. Honestly, don't mean to troll, but you Windows users put up with so much trouble an annoyance just so you can avoid learning how a computer actually works...

Methinks you guys would be better off just biting the bullet and switching. Sure, Macs are more expensive, and Linux has a steep learning curve, but isn't it worth avoiding all of the frustration you're going experience over the rest of your tech lifetime? Or are you one of those folks who relishes the semi-annual Windows reinstall? Perhaps you like paying an annual license fee to keep your computer from getting infected with a virus?

When you think about it, even if you don't factor in the cost of your time, Microsoft Windows systems are easily the most expensive systems to run on the planet, and the least useful (unless you expect your corporate users to play games all day...) Microsoft has been leveraging fear of the unknown to blackmail and intimidate non-technical users into supporting their monopoly, and the only winners I see in the whole thing are Microsoft and Intel. The users aren't any better off, and sysadmins risk their careers (not to mention their marriages!) on the capricious reliability and security of Windows systems.

But I guess that's why there's an old saying: Fool me once, shame on you. Fool me twice, shame on me . Microsoft fooled me once. I'm not getting fooled again.

Re:Mac and Linux users

[TheRaven64]

Just breathed a collective sigh of relief... Oh wait, maybe they were just rolling their eyes and sighing. No, we get spam from Windows zombies the same as everyone else.

Re:Mac and Linux users

[Torvaun]

Windows can be secured. I've got an XP desktop for gaming, and I run Linux on my laptop. Neither of them get viruses. My protection suite is all free software, so there's no annual fee there. And, if enough regular people switched to something with a Unix base, they'd have virus issues too. There are viruses and rootkits for systems other than Windows. They aren't prolific because the average moron who clicks everything is on Windows.

Yes, those systems are more secure than Windows. No, they are not secure enough to deal with the assault of a wave of moronic users. Feel free to dream of an exodus away from Windows, but understand that nothing will change, even if your dream comes true.

Re:Mac and Linux users

[creativeHavoc]

I wonder how many slashdot windows users are infected. I would venture a guess that there isn't very many. Computers are as smart as their users in a lot of cases, and most often that goes for security as well.

Re:Bullshit

[sg_oneill]

Whatever the case is, its a nasty piece of work. Theres precious little that'll stand up to that thing focusing fire on a target.

Re:Spread of Windows

[vtcodger]

***Anyone else think that the rather lax enforcement of Windows piracy is helping to create the possibility of massive botnets?***

Why would anyone think that? Windows is Windows whether it's pirated or paid for. Is a drunk weaving through heavy traffic at 135kph any more or less of a menace if he's driving a stolen car rather than a car he "owns"?

Re:Oblig.

[morgan_greywolf]

I think that the problem of viruses would be greatly reduced if people were less ignorant about viruses.

I think the problem of viruses would be greatly reduced if people were less ignorant about how their behavior causes them to get viruses.

Windows can be an okay operating system security-wise, if people didn't do these things:

Run Internet Explorer: IE is buggy and and insecure. If everyone replaced it with Firefox with the NoScript plugin installed, you could watch how much fewer viruses there would be.

Run Outlook or Outlook Express: Mail programs shouldn't have scripting abilities that can take control of the entire OS. Watch how much fewer viruses would exist if people would run Thunderbird instead.

Download programs from untrusted sites: Lots of random malware, spyware and viruses are installed because users the latest 'cute' or 'cool' thing their friend told them about.

Enable VBA macros to autorun in Microsoft Office documents. Turn off macros.

Run as Administrator: Either learn how to use your OS properly or upgrade to Vista. Seriously.


Eliminate these behaviors and you will have removed the most common vectors of infection on Windows machines.

Re:Spread of Windows

[diskis]

That argument is getting a bit dated. Linux is used more and more as servers. More processing power, more bandwidth and not so competent administrators. I know a lot of machines sitting un-updated on 100mbit or faster. They have been sitting for years serving as storage for irc logs, simpsons episodes and funny pictures. Still they are not part of any botnets.

Re:Oblig.

[budgenator]

Windows XP SP2 has been out for long enough that their is no excuse for an application that can't run in a LUA environment; the only company that has gotten it right is Sun Microsystems, installing Java is standard for how all software should install on windows. In most software you have to jump through so many hoops to get it installed that most people give up and just run everything as admin. Here's the killer aunt Millie goes to a website and needs to install a plug-in to see all of the content, let's say Flash for Grins and Giggles.
She kicks yes and saves to the desktop and now she's stuck it won't install, the easy way around it is to switch users to admin, (wait for all of the crapware to auto-load) and try to remember what site and plug-in she needed and of course she can't. So Now She gets and inspiration, and clicks though my computer, Documents and settings to her user area and access is denied! Curses, not she whiches users back and try to right click the installer and chicks run-as admin, still admin has insufficient privileges to open the file, Aunt Millie is stuck and from now on Aunt Millie is going to run as Admin because its easier and her computer is going to be part of the next bot net.

The problem is you say so many legacy apps need to run as root but in windows their is no root, root is the trusted superuser in *nix, in windows there is admin, the untrusted semi-superuser. Root is your Priest/Rabi Doctor and Lawyer all rolled in to one in the computer context, root is privileged as in Dr-patient privilege, Admin is the asshole one level up trying to get leverage over you or the car mechanic in a one horse town ready to cut your fan belt in the blink of an eye as you pass through.

OBTW do you know how to install software saved on a LUA's desktop? Took two years but I figured it out.