Slashdot Mirror

← Back to Stories (view on slashdot.org)

Storm Worm Strikes Back at Security Pros

Posted by ScuttleMonkey on Wednesday October 24, 2007 @05:25AM from the skynet-worm dept.

alphadogg writes "The Storm worm, which some say is the world's biggest botnet despite waning in recent months, is now fighting back against security researchers that seek to destroy it and has them running scared, conference attendees in NYC heard this week. The worm can figure out which users are trying to probe its command-and-control servers, and it retaliates by launching DDoS attacks against them, shutting down their Internet access for days, says an IBM architect."

1 of 371 comments (clear)

Min score:

Reason:

Sort:

Re:Contact the users by zrq · 2007-10-24 06:25 · Score: 5, Informative

... the OpenSSH log showed hundreds of attempted logins under the names of I think Doug and Samantha or something like that, so it seems likely they put a back door into OpenSSH as neither of those accounts were in the old passwd file ...

I see a lot of these all the time, they seem to be cycling through a list of names. At the moment they are trying account names like 'root', 'linux', 'admin', 'test', 'testftp', 'webmaster' etc. and user names like 'melissa', 'danny', 'nicholson' etc.

I don't think this means that they added a SSH back door, just that they have enough compute resources to try hundreds of combinations of likely names and passwords in the hope they get lucky.