Storm Worm Strikes Back at Security Pros
alphadogg writes "The Storm worm, which some say is the world's biggest botnet despite waning in recent months, is now fighting back against security researchers that seek to destroy it and has them running scared, conference attendees in NYC heard this week. The worm can figure out which users are trying to probe its command-and-control servers, and it retaliates by launching DDoS attacks against them, shutting down their Internet access for days, says an IBM architect."
init 11 - for when you need that edge.
Contact the users' ISPs and have them cut the connection to the infected machines until they are cleaned up.
Have gnu, will travel.
A normal user on Linux would be just as bad as a normal user on Windows...
Recommended: Learn to use your computer like a non-idiot.
Something tells me that your method won't work against Storm. This is due to the fact that if you tried such a stunt, it wouldn't be your PC that would be DoS'd, it would be the ISP's local NOC you were using to connect to the internet. If you forced a new DHCP reservation (all that an unplug/plug-in does), you'd end up with another IP address (if the DHCP server ever responded to your request) sitting on the same hardware that is being DoS'd by Storm.
What is needed to fight a botnet of this size is a distributed probe net, where if one node is taken out by the botnet, the rest of the cloud keeps on probing it. After all, even a large botnet can only DoS so many locations at a time.
A better solution might be to spoof the IP addresses of other members of the botnet, thereby making it DoS itself into submission.
Because it's a Hollywood film?
Should point out that hacking is not a crime, never has been, never will be [at least without totally eroding all freedoms first]. A hacker is simply someone who takes the time to see how the world around them works. They're not script monkeys who instigate virus attacks; those are criminals.
Stop reading/watching Faux News et al. and get your damn facts straight.
People should be able to call themselves a hacker without fear of reprisal, for it's the hackers who will inevitably find many of the flaws in the world that the corporate greedmongers want hidden. I mean, who do you think are the people finding all of the buffer overflows, protocol mistakes, etc. in services you use on a daily basis? If hackers went away, companies could easily get away with insecure practices and billing however they feel like.
It's the people who stop questioning how the world works that should get a bitchslap upside the head.
Someday, I'll have a real sig.
Well, the death penalty has certainly stopped people from committing murder in the United States. I think you're on to something.
I don't care why you're posting AC
Sometimes boldness is in fashion. Sometimes only the brave will be bold.
You know what costs ISPs even more money?
Not having any customers.
You're the type of person who gets looked at by their boss and told, "This code is terrible, it is unbelievably user-unfriendly, and it barely even accomplishes the task required because you have implemented so many hoops that people have to jump over just to get anything done,"
to which you respond:
"Well we should start requiring all of our receptionists to have degrees in computer science from now on!"
FAIL!
If you make your system so "secure" that even your own users can't use it... then you have basically just DOS'd yourself..... = fail.
Newslily - Social News. No lolcats allowed.
I see the same sort of law-and-order assumptions here that I would like to believe in. Sadly, that phase in my life has ended.
Sure, you can find who is DDoS'ing you. You can then call the ISP/hosting company and complain. If they are in the US they will likely as not just tell you to get a court order. Outside the US they will laugh and suggest you bribe them. Either way, it is their customer's right to operate in whatever manner they choose. If they are presented with a valid court order from a court in their jurisdiction, they will quickly and efficiently comply. Otherwise, your complaint will go in the bit bucket.
Mostly the problem is that to a lot of ISPs their customer (and the revenue from that customer) is a whole lot more important than the negative effects their customer is having. Also, the customer may be Daddy and Sonny is the one causing all the trouble. Why would anyone want to offend bill-paying Daddy by cutting off service?
The problem here is that regardless of the problem - a botnet-infested computer, a script kiddy trying to break in, or some other mischief - if you let it go, it gets worse. Every time a script kiddy gets to feel that rush of excitement at breaking into some computer somewhere without any consequences, they get bolder. In the US it is not really possible to go after them until they run up at least $25,000 in damages. Because of this, you never hear about the high schooler getting in trouble because they defaced a web site. Instead you hear about someone after many years of mischief and mayhem who is being accused of causing $12,000,000 in damages computed in some creative manner to get the FBI's attention. There is never a thought of stopping this when the cost to everyone is minimal. Minimal doesn't get the FBI involved, and local law enforcement is utterly clueless.
Nobody is really going to get taken down for this unless they do something incredibly stupid. Sure, you can find an IP address but you can't get the customer unless the ISP wants to cooperate. Can you get a court order for the ISP to identify the owner of the account? Probably not without at least $25,000 in damages that you can claim. Even then all you have found is an infected computer that the owner doesn't know anything about.
There was a time in England when a bloke could talk about the gay time he had passing a fag around amongst his friends behind the school (fun/happy time passing a cigarette around) without any double entendres. Language evolves. Change your manner of communication or prepare for misinterpretation.
string Hackers="hardware hobbyists";
string Crackers="Saltines, safe-crackers, computer-criminals";
...
Hackers="computer-criminals";
Crackers="Saltines";
Are you honestly suggesting that the police start kicking down Joe Idiot User's and Grandma's doors? Sure, they own the CnC machines, but odds are they have no idea that they've been compromised, which is why they haven't cleaned it up yet. Confiscating them is only going to piss people off; by the time anybody could do any sort of analysis on them, the entire network would have shifted around.
Storm is an entirely new breed of beast. Bots change locations and roles all the time: a zombie could be a spam relay today, a DDoS grunt tomorrow, a web server the day after that, and a CnC machine on Friday. Physically locating a CnC box tells you nothing. Good job, you've located an infected box; by the time you get your hands on it, its role may have changed.
A Free Market requires informed, intelligent consumers; such people are rare; we're in trouble.
The best solution is completely non-technical... a $10,000,000 bounty for the arrest and conviction (in whatever court you may choose) of the owner of the botnet.
The tyrant will always find a pretext for his tyranny - Aesop
Where did you get the idea that the police gave a damn about this?
Governments are not interested in computer crime. They don't investigate it, they don't prosecute it (unless it's against them directly).
The real source of the problem is Microsoft selling an easy-to-use, insecure OS with too many fancy gadgets which nobody can reasonably maintain in a safe state. The single concept of an anti-virus should not even exist in the first place. It's a fix for the symptoms and not for the cause. The real fix would be to educate users into not being too demanding of ease of use. No one would like a car which does not need a key to start up, because it would get stolen. Why do they accept an OS which does not ask them for a correct password?
Ironically, the Storm worm is one of the few idiot-proof pieces of software floating around. It requires absolutely no skill on the part of the user to get the job done; hell, a certain level of incompetence is a benefit. Perhaps this is the key to making Linux user friendly - just rewrite it as a worm!