Slashdot Mirror

← Back to Stories (view on slashdot.org)

Storm Worm Being Reduced to a Squall

Posted by Zonk on from the blood-pressure-lowering-sight-returning dept.

Rumours of financial schemes surrounding the botnet aside, PC World has an article that should lower the blood pressure of some SysAdmins. The Storm Worm botnet is apparently shrinking. A researcher out of UC San Diego who has been tracking the network has published a report indicating it is now only 10% of its former size. "Some estimates have put Storm at 50 million computers, a number that would give its controllers access to more processing power than the world's most powerful supercomputer. But Enright said that the real story is significantly less terrifying. In July, for example, he said that Storm appeared to have infected about 1.5 million PCs, about 200,000 of which were accessible at any given time. Enright guessed that a total of about 15 million PCs have been infected by Storm in the nine months it has been around, although the vast majority of those have been cleaned up and are no longer part of the Storm network."

4 of 183 comments (clear)

  1. don't be sure by phantomfive · · Score: 5, Insightful
    The researcher determined this with a spider he created to crawl the storm network. How does he know that the network is shrinking and not just being partitioned?

    Furthermore, the storm virus is known to be updatable. Is it possible it was updated to be even less obtrusive, thus escaping detection in other ways? Maybe it has gone into dormant mode, because the creator doesn't need so many computers at the moment.

    One interesting innovation of the worm, quoted from the article:

    "If you're a researcher and you hit the pages hosting the malware too much... there is an automated process that automatically launches a denial of service [attack] against you," he said. This attack, which floods the victim's computer with a deluge of Internet traffic, knocked part of the UC San Diego network offline when it first struck.

    I think some part of me must be sick or something, because when I read about this I almost hope the worm will get bigger, become unstoppable, and reveal windows for the insecure piece of crap that it is. Linux, BSD, OSX, Solaris, and heck even Minux could clearly stand up to a threat like this much more easily than Windows.

    --
    Qxe4
  2. Bullshit by Anonymous Coward · · Score: 5, Interesting

    Myself and some colleagues, along with a couple of anti-malware sites have been tracking Storm infections as best we can over the last couple of months. We've mostly been using honeypots, trapping SMTP traffic and utilizing some nslookup scripts to mine Storm's fast-fluxing domains. It has not shown any sign of shrinking, particularly not by a factor of 10.

    The only people who have ever estimated its size to be anywhere near 50 million hosts are paranoid tin-foil hat wearing security analysts and journalists looking to generate some ad revenue with a shocking headline or two. I've never seen any solid evidence pointing towards Storm being larger than 2-3 million hosts, so even assuming there is an exact science at work here, 1.5 million is far from a 10th of 2-3 million.

    This phenomenon would be a lot easier to combat if people would stop spreading bullshit stories such as this.

  3. Comment removed by account_deleted · · Score: 5, Informative

    Comment removed based on user account deletion

  4. Re:Spread of Windows by rustalot42684 · · Score: 5, Funny
    But then SWAT is beaten back by Clippy:
    It looks like you're trying to raid the Redmond campus. Would you like to:
    • Hunt and kill all the employees
    • Destroy the supercomputer cores
    • Uncover the secret plot for world domination
    • Just raid the campus without help
    # Don't show me this tip again