Storm Worm botnet could be world's most powerful supercomputer
Summary: Nearly nine months after it was first discovered, the Storm Worm Trojan continues to surge, building what experts believe could be the world's most powerful supercomputer.
The Trojan, which uses a myriad of social-engineering lures to trick Windows users into downloading malware, has successfully seeded a massive botnet -- between one million and 10 million CPUs -- with computing power to rival the world's top 10 supercomputers.
By New Zealand computer scientist Peter Gutmann's calculations, the Storm Worm botnet "may be the first time that a top 10 supercomputer has been controlled not by a government or mega-corporation but by criminals."
The question remains: now that criminals have a system of that size at their disposal, what are they going to do with it?
At current infection rates, Gutmann's concern is well founded, and the relentless pace of the ongoing attacks suggests that the criminal minds behind this botnet are far from satisfied.
[SEE: Botnet assault: Spammers launch DDoS offensive]
Malware researchers tracking the threat are privately awed by the sheer volume of spam carrying social-engineering lures to malicious executables. "It's nonstop, never-ending," said a virus analyst at a major computer security firm.
The attackers have tied the spam lures to global news events, links to YouTube videos and online greeting cards. The operation uses fast-flux DNS, rapidly rotating the IP addresses behind a lure domain so that taking down any one host does not take down the campaign; a rootkit component to hide the infection from anti-virus scanners; and a peer-to-peer command-and-control structure with no single controlling server to kill.
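As an added example (not code from the article or from any of the researchers it quotes), the following script shows the DNS-side signal that fast-flux hosting leaves: the same name answering with a different address on almost every lookup, spread across unrelated networks, with a short TTL. It assumes observations of the form (seconds, qname, answer IP, TTL), as a resolver log or passive-DNS feed would supply; the records, hostnames and thresholds below are constructed for illustration. The CDN-style host in the sample is there to show the main false-positive trap: a content-delivery network also rotates many addresses under a low TTL, but usually within its own netblocks.

```python
"""Flag fast-flux candidates from DNS answer churn (added example, constructed data)."""
from collections import defaultdict
from ipaddress import ip_network

# Constructed sample observations: (seconds, qname, answer_ip, ttl).
# Addresses are drawn from documentation/benchmark ranges; nothing here is real.
SAMPLE_RECORDS = [
    # Lure domain: a new IP on nearly every lookup, spread over many networks, short TTL.
    (0,    "greetingcard.example", "192.0.2.15",    300),
    (300,  "greetingcard.example", "198.51.100.22", 300),
    (600,  "greetingcard.example", "203.0.113.9",   300),
    (900,  "greetingcard.example", "198.18.4.1",    300),
    (1200, "greetingcard.example", "198.19.7.3",    300),
    (1500, "greetingcard.example", "100.64.8.8",    300),
    # CDN-style host: many IPs and a short TTL too, but all inside one provider /16.
    (0,    "static.cdn.example", "203.0.113.1", 60),
    (60,   "static.cdn.example", "203.0.113.2", 60),
    (120,  "static.cdn.example", "203.0.113.3", 60),
    (180,  "static.cdn.example", "203.0.113.4", 60),
    (240,  "static.cdn.example", "203.0.113.5", 60),
    (300,  "static.cdn.example", "203.0.113.6", 60),
    # Ordinary host: one stable address with a long TTL.
    (0,    "www.example.org", "192.0.2.200", 86400),
]


def summarize(records):
    """Per name: distinct answer IPs, distinct /16 prefixes and the smallest TTL seen."""
    per_name = defaultdict(lambda: {"ips": set(), "prefixes": set(), "min_ttl": None})
    for _ts, name, ip, ttl in records:
        s = per_name[name]
        s["ips"].add(ip)
        # /16 is a crude stand-in for ASN diversity; a real pipeline would map IP -> ASN.
        s["prefixes"].add(str(ip_network(f"{ip}/16", strict=False)))
        s["min_ttl"] = ttl if s["min_ttl"] is None else min(s["min_ttl"], ttl)
    return per_name


def is_fast_flux(summary, min_ips=5, min_prefixes=3, max_ttl=600):
    """Thresholds are assumptions for this example, not figures from the article."""
    return (len(summary["ips"]) >= min_ips
            and len(summary["prefixes"]) >= min_prefixes
            and summary["min_ttl"] <= max_ttl)


def fast_flux_candidates(records, **thresholds):
    """Names whose answer churn looks like fast-flux; the CDN-style host is not flagged."""
    return sorted(name for name, s in summarize(records).items()
                  if is_fast_flux(s, **thresholds))


if __name__ == "__main__":
    for name, s in summarize(SAMPLE_RECORDS).items():
        print(f"{name:24} ips={len(s['ips'])} prefixes={len(s['prefixes'])} min_ttl={s['min_ttl']}")
    print("fast-flux candidates:", fast_flux_candidates(SAMPLE_RECORDS))
```

Only the lure domain is reported with the default thresholds; lowering `min_prefixes` to 1 shows how the CDN-style host would otherwise be swept in, which is why network (ideally ASN) diversity, not just address count, is the check worth keeping.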
The Storm Worm attackers have also compromised legitimate Web sites and injected iframe redirects that silently send visitors to Web servers hosting malware downloaders.
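The injected frames described above are usually invisible to the visitor: sized to zero or hidden with CSS, and pointing off-site. As an added example (not code from the article or from any site it mentions), the script below scans a captured page for exactly that pattern. The sample HTML, the `lure.example` hostname and the IP literal in it are constructed; `www.example.org` stands in for the legitimate site being checked.

```python
"""Find hidden iframe injections in a captured page (added example, constructed data)."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample mimicking a compromised page; hostnames and paths are made up.
SAMPLE_HTML = """<html><body>
<h1>Welcome to our site</h1>
<iframe src="https://www.example.org/widget" width="300" height="200"></iframe>
<!-- injected: zero-size frame pointing at an off-site IP literal -->
<iframe src="http://198.51.100.23/in.cgi?3" width="0" height="0" frameborder="0"></iframe>
<!-- injected: frame hidden with CSS instead of dimensions -->
<iframe src="http://lure.example/i.php" style="display: none; visibility: hidden"></iframe>
</body></html>"""


class IframeCollector(HTMLParser):
    """Collect the attributes of every <iframe> start tag."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.iframes.append({k.lower(): (v or "") for k, v in attrs})


def _tiny(dim):
    """True for width/height values of 0 or 1, with or without a 'px' suffix."""
    try:
        return int(dim.strip().lower().removesuffix("px")) <= 1
    except (AttributeError, ValueError):
        return False


def _off_site(src, site_host):
    """True when the frame source lives on a host other than the site or its subdomains."""
    host = (urlparse(src).hostname or "").lower()
    return bool(host) and host != site_host and not host.endswith("." + site_host)


def suspicious_iframes(html, site_host):
    """Return (src, reasons) for each iframe the visitor cannot see.

    A visible off-site iframe (an embedded widget) is not reported on its own;
    the signal for an injection is a frame hidden from the user, and 'off-site'
    is recorded alongside to help triage.
    """
    parser = IframeCollector()
    parser.feed(html)
    findings = []
    for a in parser.iframes:
        src = a.get("src", "")
        reasons = []
        if _tiny(a.get("width")) or _tiny(a.get("height")):
            reasons.append("zero-size")
        style = a.get("style", "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("css-hidden")
        if not reasons:
            continue
        if _off_site(src, site_host.lower()):
            reasons.append("off-site")
        findings.append((src, reasons))
    return findings


if __name__ == "__main__":
    for src, reasons in suspicious_iframes(SAMPLE_HTML, "www.example.org"):
        print(f"{src}  [{', '.join(reasons)}]")
```

The visible widget frame is left alone; both injected frames are reported with the reason they were caught. In practice the same check is worth running against the raw HTTP response rather than the rendered DOM, since injected content is often placed before the `<html>` tag or after `</html>`, where a browser still renders it.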
Now, according to Finjan security researcher Aviv Raff, the group has started to target tech-savvy computer users.
"Up until now, they've put greeting cards for holidays, and video downloads. Today they've changed their website and put a 'Download Tor' Web page," Raff said in an interview.
The page displays a legitimate-looking download page for Tor (The Onion Router), the network anonymity proxy, and a "download now" image that points to a malicious "tor.exe" file.
Raff said the malicious pages are hosting exploits from the MPack crimeware toolkit, which recently added new Internet Explorer and Yahoo Webcam exploits.
Talkback
What is being done
Can you imagine
Is being online with a malware-infected, compromised computer a right? They all break standard "terms of use" clauses, but they don't and won't do anything about it until someone specifically complains about a specific machine.
As a thought experiment, if you locked out every compromised machine, there goes the botnet and the "tool of the terror trade" for the criminals. You can only imagine the backlash, however, against MS.
TripleII
Since we've known of this problem for so long..
The only way to stop this in the first place is to use network best practices and stop it at its first non-criminally run server encounter.
The internet is the equivalent of all businesses running their networks wide open and depending on the users to prevent infection w/o any education in the matter.
It's also a function of the authorities to stop it and find who is doing it. That requires cooperation between nations and governmental authorities.
It all comes down to:
They know the threats, and they have the ability to stop it. 99% of all spam could be killed if ISPs blocked port 25 and only allowed traffic on port 25 to and from their internally controlled mail servers. Same goes for businesses and corporations.
My ISP does just this; they have a policy that you can have the port block lifted upon request.
I wonder if it's just financial or legal
Financial issues...be the best place to put money being spent on cyber attack prevention anyway....possibly.
I'm no expert at this level, but there has to be a better way than relying on the end users.
Maybe a contract everyone must agree to when they sign up with an ISP stating any questionable email or other traffic (inbound or outbound) can and will be removed at the ISP's discretion.
In turn all ISP's must agree to this with any upstream providers.
What?
it's NOT the answer for anything.
ken.
I agree and that's why...
But I meant law enforcement. These are crimes. Just like if someone calls your telephone and threatens you. It's a crime for the justice dept to take care of and if it means some subsidies to get ISPs and other internet hubs to assist in taking care of the issue, then it's worth it. Instead of the billions going into NSF projects for Linux, put some of that money into the cracking down and stopping of internet threats w/o placing the burden of stopping cyber-terrorism on the general public. That is just ridiculous.
Good Luck on that!
Location of...
These actions would take incentive away from the disseminators.
It is also no mystery which internet providers are not disconnecting users that are infected. If they are also taken offline until they clean up their users (disconnect users until they are virus free) they will take a proactive attitude about cleaning up their part of the internet.
Everyone is busy pointing fingers at other people to take responsibility. If a user is aware that they are infected they will willingly clean up their problem. If their provider sends them an e-mail describing current things to be aware of and how to fix the problem, they will ingratiate themselves with their customers. This will reduce the end user issues.
People expect some control over malicious acts on the internet. There is no one who benefits from hostile advertising that uses other people's computers and internet bandwidth without permission or compensation. As people get smarter they will be less inclined to fall for the enticements offered. I have often thought a hacker group that destroys bad advertiser websites with an influx of messages that subvert their business would be a prudent counter-measure. But this will just make a war that the regular users will pay for with decreased bandwidth.
Viewing e-mail through a website...
It is a great way to handle e-mail if you have a slow internet connection. You delete stuff you don't want to look at and download the important stuff you want to keep a copy of.
This routine reduces computer infections, especially with inexperienced users.
What would prevent the ISPs
Are there legal issues? I don't care if my ISP is scanning mail destined to my inbox. Seems it would lessen the traffic caused by each individual scanning for themselves.
Yes BUT...
Moreover, what about copyrighted material?
For example, you are creating a novel method for visually impaired users that facilitates websurfing. It is natural that you cooperate with your colleagues all over the world by email. Your ISP has a legal right to scan and review your emails and one of their employees decides to patent your discovery before you do. In the best case you end up winning after many years of battle in the court. In the worst case, you just saw your research stolen forever.
There is nothing worse than giving someone the power they can abuse!
If you give power...
RE: Storm Worm botnet could be world's most powerful supercomputer
- Kc
Would probably be illegal, lol.
The problem is, the end user has to date had no real responsibility to keep their machine from becoming compromised, relying (sometimes) on varyingly successful anti-X programs, but not really being responsible for their machine. If you can mandate that a vehicle must meet minimum safety requirements to be allowed on the road, is it really so bad to require minimum levels of non-infection to be allowed on the internet?
TripleII
Gee...
Quit removing Microsoft from the solution. They are the solution! Well, actually, stopping the use of their warez is the solution.
Microsoft is to blame and Microsoft must be stopped. THEY want your data - no one else!
You mean...
You mean....force everyone to use anti-virus?
And then...next virus???
RE: Storm Worm botnet could be world's most powerful supercomputer
Where are they getting these numbers? Between 1 and 10 million? That's quite a discrepancy.
And if they know these computers are infected why is nothing being done? Are people just sitting around and doing a head count to see who's infected and who isn't, and that's it?