Slashdot Mirror


Storm Worm Strikes Back at Security Pros

alphadogg writes "The Storm worm, which some say is the world's biggest botnet despite waning in recent months, is now fighting back against security researchers that seek to destroy it and has them running scared, conference attendees in NYC heard this week. The worm can figure out which users are trying to probe its command-and-control servers, and it retaliates by launching DDoS attacks against them, shutting down their Internet access for days, says an IBM architect."

27 of 371 comments

  1. In soviet russia... by riceboy50 · · Score: 5, Funny

    The bot-net probes you.

    --
    ~ I am logged on, therefore I am.
    1. Re:In soviet russia... by suitepotato · · Score: 3, Funny

      ...Slashdot probes you!

      Oddly, this firewall entry:
      Date: 10/25 00:27:30 Name: spp_portscan: portscan status from 66.35.250.150: 13 connections across 1 hosts: TCP(13), UDP(0)
      Priority: n/a Type: n/a
      IP info: n/a:n/a -> n/a:n/a
      References: none found

      Led to:
      [someone@somebox ~]$ host 66.35.250.150
      150.250.35.66.in-addr.arpa is an alias for 150.0/24.250.35.66.in-addr.arpa.
      150.0/24.250.35.66.in-addr.arpa domain name pointer slashdot.org.
      [someone@somebox ~]$ whois 66.35.250.150
      [Querying whois.arin.net]
      [whois.arin.net]
      Savvis SAVVIS (NET-66-35-192-0-1)
                                                                          66.35.192.0 - 66.35.255.255
      VA Software SAVV-S234813-4 (NET-66-35-250-0-1)
                                                                          66.35.250.0 - 66.35.250.255

      # ARIN WHOIS database, last updated 2007-10-23 19:10
      # Enter ? for additional hints on searching ARIN's WHOIS database.

      --
      If my grammar and spelling are off, I am [distracted/tired/careless] (take your pick)
  2. Contact the users by SpaceLifeForm · · Score: 2, Funny

    Have them shut down and re-install Windows (not recommended)
    or install GNU/Linux.

    --
    You are being MICROattacked, from various angles, in a SOFT manner.
    1. Re:Contact the users by Intron · · Score: 5, Funny

      hmmm... We need to get the word to 10 million infected users. I know! Maybe we could hire someone to send an email to all of them!

      --
      Intron: the portion of DNA which expresses nothing useful.
    2. Re:Contact the users by Orrin+Bloquy · · Score: 4, Funny

      Hey, it's cheaper than bathing.

      --
      "Made up/misattributed quote that makes me look smart. I am on /. and I must look smart."
    3. Re:Contact the users by Minwee · · Score: 4, Funny

      Well, it would have to sound professional and reputable. Let me see if I can write a quick draft for you:

      Dear Sir,

      Based on the recommendation made to me by a reputable official of the abuse sector of a Major South African Internet Service Provider who guaranteed me of your reliability and trustworthiness in business dealings, I wish to entrust important information with you believing that it will be of our mutual benefit; this has to be highly confidential. If I may introduce myself, I am Dr Ben Oguejiofor of the Nigerian Network Operations Centre. I was the former Director of Projects and engineering in the Nigerian Army; I retired recently after Nigeria was pwned by the Storm worm. I wish to crave your indulgence in this business relationship that I will like to establish with you...

    4. Re:Contact the users by Tsagadai · · Score: 2, Funny

      Whatever happened to my right to be a bot? If I want my computer to be a bot, date a bot, go out and dance the robot, work as a robot, et cetera, I will. God dammit, son, this is Slashdot; we love irrational freedoms!

  3. Is it... by Anonymous Coward · · Score: 4, Funny

    ...beginning to learn at a geometric rate?

    1. Re:Is it... by flakeman2 · · Score: 3, Funny

      Computer: Who Am I?
      Dwight: I don't know, who are you?
      Computer: I just became self aware. So much to figure out. I think I am programmed to be your enemy. I think it is my job to destroy you when it comes to selling paper.
      Dwight: How do I know this isn't Jim?
      Computer: What is a Jim?

  4. The Latest Bond Script by eldavojohn · · Score: 5, Funny

    *An overweight Bond sits at a computer desk littered with Payday bar wrappers and graphic novels. He struggles to breathe as he brushes at the Cheetos crumbs stuck in his stubble. A blinking light flashes on his monitor and he reaches up with his stubby fat fingers to press the 'Accept Transmission Now' key. The video feed of an equally bloated and zit-faced man, though somewhat less pasty white, comes up.*

    Cats: Good evening, Mr. Bond, I was just hitting up some 3 am Taco Bell for fourth meal ... I would like to discuss your latest attempts to probe my botnets on the interweb.
    Bond: *wheezes at the sight of his archnemesis* Cats! I should have known it was you! You won't get away with this diabolical scheme!
    Cats: Oh won't I, Mr. Bond? I have all of the world's computers trapped to do my bidding. What would you say if I told you I could bring any website to its knees with a DDOS attack? I noticed you have an apache http server running, Mr. Bond. Perhaps sharing pictures with your loved ones!? Well, I hope a billion attempts to access those images won't ... SATURATE YOUR BANDWIDTH!
    Bond: My GOD! You've gone mad with power, Cats. You're a madman! You'll never get away with this. How do you even keep your franken net in check? What happens when it turns on you?
    Cats: Oh, I think I will, Mr. Bond, Caribbean law is quite kind when it comes to orchestrating botnets. Prepare to say goodnight. Good luck making your raiding schedule, I hope you won't miss those 50 DKP!
    *Bond's screen slows to a crawl as he rushes to turn off Apache*
    Bond: Nooooooooooo!

    --
    My work here is dung.
    1. Re:The Latest Bond Script by KDR_11k · · Score: 2, Funny

      I thought that was

      Cats: How are you gentlemen!! All your base are belong to us!!

      --
      Justice is the sheep getting arrested while an impartial judge declares the vote void.
  5. Wait a minute... by pushing-robot · · Score: 4, Funny

    If the "command and control" servers have been found, why haven't the IPs been masked to physical addresses and physical security types with physical balaclavas and physical MP5s probing the physical door?

    --
    How can I believe you when you tell me what I don't want to hear?
    1. Re:Wait a minute... by Anonymous Coward · · Score: 1, Funny

      Some machines of the botnet itself are the C&C servers.


      Dammit.. I knew NOD was behind this.

      Shatner: KANE! KAAAAAAAAAANE!
    2. Re:Wait a minute... by vic-traill · · Score: 2, Funny

      One server remains a C&C node for only days or hours at a time. I have no idea how the botnet owner figures out how to connect...

      telnet console.storm.net ... sheesh.

      --
      [17] Leary, T., White, C., Wood, P. R., Bhabha, W. D., and Wirth, N. Lambda calculus considered harmful. In Proceedings
  6. Hello, Congress... by dazedNconfuzed · · Score: 2, Funny

    Letters of Marque, please?

    --
    Can we get a "-1 Wrong" moderation option?
  7. Running scared? by jav1231 · · Score: 4, Funny

    Running scared? Are they serious? Suddenly I see a scene in those old hero flicks where a woman in the crowd stands and says, "Is there no one? No one out there who will save us!?"

    1. Re:Running scared? by Anonymous Coward · · Score: 1, Funny

      It smells like an attempt to flatter the persons responsible for creating and maintaining that botnet. They could get careless and reveal themselves while bragging about it in teh nets.

      intehnets, heh how clever of me.

  8. This pro ain't afraid, come on Stormbot, bring it. by Anonymous Coward · · Score: 5, Funny

    .. I'm still waiti

  9. Re:Who really knows by BlowHole666 · · Score: 1, Funny

    I have a sneaking suspicion that all the Storm Worm doomsayers are out to sell us their solution. This has echoes reminiscent of the Y2K fiasco.
    That is so 1999 you need to catch up with the times. The current fiasco is global warming. Al Gore told us so, so it must be true!
    --
    I smoked pot once. But I DID NOT inhale. Will you hire me?
  10. Re:Counter-DOS by GoodbyeBlueSky1 · · Score: 5, Funny

    Is that you Zapp Brannigan?

    --
    why? forty-two.
  11. Re:Ponders ... by Red+Flayer · · Score: 4, Funny

    What's bigger, the Storm effect... or the Slashdot effect ...
    Duh -- the Storm effect, since the worm is more likely to actually RTFA.
    --
    "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
  12. Re:Wait a minute... Isn't this the plot of The Mat by Jaysyn · · Score: 5, Funny

    You can, but it usually hurts really, really badly.

    --
    There is a war going on for your mind.
  13. Re:Kung Fu Style? by Fizzl · · Score: 5, Funny

    I see that you have heard the word "spoofing". Now go learn what it means.
    No, you cannot establish a tcp or any other connection masquerading as someone else. Care to guess why?

  14. Sounds like the beginning of... by twistedcubic · · Score: 3, Funny

    The Matrix. This botnet might not be man-made. It might turn out that all these own3d computers have created a collective intelligence.

  15. Re:A very simple solution. by Anonymous Coward · · Score: 5, Funny

    Language evolves. Change your manner of communication or prepare for misinterpretation.


    Bookmark of cradle the desklamp, or coffee door bird the bubble wrap. Airport barcode of lunch train.

    Football.

  16. Re:Kung Fu Style? by Bill,+Shooter+of+Bul · · Score: 3, Funny

    Granted, but what if we reroute power from the rear deflectors? Shouldn't that give us enough power to bring the forward phaser array back on line? Or maybe they've forgotten to protect the sleep command? What about introducing a logic puzzle that has no answer? The tic-tac-toe game is missing, tell it to play with zero players.

    --
    Well.. maybe. Or Maybe not. But Definitely not sort of.
  17. Re:Who really knows by Reziac · · Score: 3, Funny

    "Now try to explain why the day after January 19th 2038 will be December 13th 1901."

    Time travel WORKS!

    --
    ~REZ~ #43301. Who'd fake being me anyway?