Slashdot Mirror


Storm Worm Strikes Back at Security Pros

alphadogg writes "The Storm worm, which some say is the world's biggest botnet despite waning in recent months, is now fighting back against security researchers that seek to destroy it and has them running scared, conference attendees in NYC heard this week. The worm can figure out which users are trying to probe its command-and-control servers, and it retaliates by launching DDoS attacks against them, shutting down their Internet access for days, says an IBM architect."

12 of 371 comments

  1. Who really knows by Silver Sloth · Score: 4, Insightful
    From TFA:

    Still, the power of Storm, also known as Peacomm, is still hotly debated. Earlier this week another expert said the worm had pretty much run its course and was subsiding.

    I have a sneaking suspicion that all the Storm Worm doomsayers are out to sell us their solution. This has echoes reminiscent of the Y2K fiasco.
    --
    init 11 - for when you need that edge.
    1. Re:Who really knows by fredrated · Score: 4, Insightful

      The Y2K fiasco? What was that? Was it a fiasco because programmers had not programmed for 4-digit years, because a lot of money was spent correcting this, or because nothing happened and you interpret this as meaning nothing was going to happen?

    2. Re:Who really knows by Silver Sloth · Score: 4, Insightful

      We all spent a lot of time fixing things - and earning a small fortune - but the computer press, and a lot of the popular press, was full of stories about how planes would fall from the sky, autotellers would stop working, and life as we know it would self-destruct. I work for a major UK financial institution and I was very much part of the Y2K effort and, after all the man-hours, what did we find? One or two minor inconveniences. Still, I took my wife to the Canary Islands for a holiday on the money I earnt staying sober on New Year's Eve.

      --
      init 11 - for when you need that edge.
    3. Re:Who really knows by Marcos Eliziario · Score: 4, Insightful

      I can't hardly wait for 2038.
      I only need to make sure I keep my copy of Stevens and Rago in good shape till then.

      --
      Your ad could be here!
    4. Re:Who really knows by Opportunist · Score: 4, Insightful

      I dread 2038. Unlike 2k, it will be nearly impossible to explain to management why that date (especially some odd day in January) is even more of a threat to IT than 2k was. 2k was something they could understand, and why it would be bad for your insurance calculations to think it's 1900 for someone who was (or, is going to be) born in 1968. And that without 4 digits, rolling over from 1999 would get you to 1900.

      Now try to explain why the day after January 19th 2038 will be December 13th 1901.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  2. Re:Contact the users by PPH · Score: 4, Insightful

    Contact the users' ISPs and have them cut the connection to the infected machines until they are cleaned up.

    --
    Have gnu, will travel.
  3. Re:oh yeah, so scared by Em Adespoton · Score: 4, Insightful

    If you start getting DOSed you unplug the modem and try again. Some corporate customer carrying ISPs will even let you just change your IP. You could get on a new IP and keep poking like 50 times in a day at least. It's really not that hard and not that sneaky.

    Something tells me that your method won't work against Storm. This is due to the fact that if you tried such a stunt, it wouldn't be your PC that would be DoS'd, it would be the ISP's local NOC you were using to connect to the internet. If you forced a new DHCP reservation (all that an unplug/plug-in does), you'd end up with another IP address (if the DHCP server ever responded to your request) sitting on the same hardware that is being DoS'd by Storm.

    What is needed to fight a botnet of this size is a distributed probe net, where if one node is taken out by the botnet, the rest of the cloud keeps on probing it. After all, even a large botnet can only DoS so many locations at a time.

    A better solution might be to spoof the IP addresses of other members of the botnet, thereby making it DoS itself into submission.
  4. Re:The Latest Bond Script by kalirion · Score: 4, Insightful

    Because it's a Hollywood film?

  5. Re:A very simple solution. by tomstdenis · Score: 4, Insightful

    Should point out that hacking is not a crime, never has been, never will be [at least without totally eroding all freedoms first]. A hacker is simply someone who takes the time to see how the world around them works. They're not script monkeys who instigate virus attacks, those are criminals.

    Stop reading/watching Faux News et al. and get your damn facts straight.

    People should be able to call themselves a hacker without fear of reprisal, for it's the hackers who will inevitably find many of the flaws in the world that the corporate greedmongers want hidden. I mean, who do you think are the people finding all of the buffer overflows, protocol mistakes, etc. in services you use on a daily basis? If hackers went away, companies could easily get away with insecure practices and billing however they feel like.

    It's the people who stop questioning how the world works that should get a bitchslap upside the head.

    --
    Someday, I'll have a real sig.
  6. Re:A very simple solution. by multisync · Score: 4, Insightful

    Impose the death penalty for these hackers/crackers or whatever you call them these days.
    Public execution. And make it totally Medieval. Gruesome and painful and prolonged.

    I guarantee you within one year the hacking/cracking/whatever will have come to an absolute total stop.

    Well, the death penalty has certainly stopped people from committing murder in the United States. I think you're on to something.
    --
    I don't care why you're posting AC
  7. Use this against them. by darkonc · Score: 4, Insightful
    1. Let various ISPs know that you're about to do this,
    2. Do something to trigger a DDOS,
    3. Track which machines the attacks are coming from (basically, log the source of every packet aimed at your IP address),
    4. Shut down and clean every machine that is shown to be part of the DDOS,
    5. (profit???)
    --
    Sometimes boldness is in fashion. Sometimes only the brave will be bold.
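As an added example (not code from the thread or from any tool it mentions), here is the bookkeeping behind darkonc's step 3 in Python: bucket a packet log by source and second, and keep the sources that exceed a rate threshold toward the probing host, so the list can be handed to each source's ISP in step 4. The log format, the addresses (RFC 5737 documentation ranges) and the threshold are constructed here.

```python
from collections import defaultdict

# Constructed sample flow log, one record per line: "epoch_secs src_ip dst_ip packets".
# 198.51.100.7 is the probing host; 203.0.113.x flood it, 192.0.2.x is ordinary traffic.
SAMPLE_LOG = """\
1190000000 203.0.113.10 198.51.100.7 4000
1190000000 203.0.113.11 198.51.100.7 3500
1190000000 192.0.2.5 198.51.100.7 3
1190000001 203.0.113.10 198.51.100.7 4200
1190000001 203.0.113.12 198.51.100.7 3900
1190000001 192.0.2.5 198.51.100.7 2
1190000002 203.0.113.11 198.51.100.7 3700
1190000002 203.0.113.12 198.51.100.7 3800
1190000002 192.0.2.9 198.51.100.7 1
"""

def parse(log):
    """Yield (ts, src, dst, packets) tuples; skip blank or malformed lines."""
    for line in log.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue
        ts, src, dst, pkts = fields
        yield int(ts), src, dst, int(pkts)

def flood_sources(log, victim, pps_threshold=1000):
    """Bucket packets per (second, source) aimed at `victim` and keep only the
    sources that exceed pps_threshold in at least one one-second bucket.
    Returns {src: (total_packets, seconds_over_threshold)}."""
    per_sec = defaultdict(lambda: defaultdict(int))
    for ts, src, dst, pkts in parse(log):
        if dst == victim:
            per_sec[ts][src] += pkts
    stats = {}
    for by_src in per_sec.values():
        for src, pkts in by_src.items():
            if pkts >= pps_threshold:
                total, secs = stats.get(src, (0, 0))
                stats[src] = (total + pkts, secs + 1)
    return stats

def report(log, victim, pps_threshold=1000):
    """Sources sorted by volume, ready to hand to each source's ISP (step 4).
    Caveat raised in the thread: flood sources may be spoofed, so each entry is
    a lead for the ISP to check against its own flow data, not proof of infection."""
    stats = flood_sources(log, victim, pps_threshold)
    return sorted(((src, total) for src, (total, _) in stats.items()),
                  key=lambda item: (-item[1], item[0]))
```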
  8. Re:A very simple solution. by Culture20 · Score: 5, Insightful

    There was a time in England when a bloke could talk about the gay time he had passing a fag around amongst his friends behind the school (fun/happy time passing a cigarette around) without any double entendres. Language evolves. Change your manner of communication or prepare for misinterpretation.

    string Hackers="hardware hobbyists";
    string Crackers="Saltines, safe-crackers, computer-criminals";

    ...
    Hackers="computer-criminals";
    Crackers="Saltines";