Storm Worm Being Reduced to a Squall

Rumours of financial schemes surrounding the botnet aside, PC World has an article that should lower the blood pressure of some SysAdmins. The Storm Worm botnet is apparently shrinking. A researcher out of UC San Diego who has been tracking the network has published a report indicating it is now only 10% of its former size. "Some estimates have put Storm at 50 million computers, a number that would give its controllers access to more processing power than the world's most powerful supercomputer. But Enright said that the real story is significantly less terrifying. In July, for example, he said that Storm appeared to have infected about 1.5 million PCs, about 200,000 of which were accessible at any given time. Enright guessed that a total of about 15 million PCs have been infected by Storm in the nine months it has been around, although the vast majority of those have been cleaned up and are no longer part of the Storm network."

Re:looking for details on storm botnet control

[bucky0]

From what I remember, there's no central IRC control. The bots all join in a p2p network and share files with commands to be executed. The herder uploads a command file with a specific (spoofed) hash, and the bots spread them over the P2P network to the whole network. The reason noone's been able to pull the plug is because there's no central IRC server that people can target, the commands are just files on a p2p network.

Re:Spread of Windows

[mrsteveman1]

Marketshare accounts for around 2/5ths of the reason Windows is so insecure

Re:Spread of Windows

[Anpheus]

Made up statistics* count for around 9/10ths of the reason you say that.

* over the past six months, the number of made up statistics has TRIPLED! wiki it!