Storm Worm botnet could be world's most powerful supercomputer

Storm Worm botnet could be world's most powerful supercomputer

Summary: Nearly nine months after it was first discovered, the Storm Worm Trojan continues to surge, building what experts believe could be the world's most powerful supercomputer.

SHARE:
TOPICS: Malware
150

Nearly nine months after it was first discovered, the Storm Worm Trojan continues to surge, building what experts believe could be the world's most powerful supercomputer.

The Trojan, which uses a myriad of social engineering lures to trick Windows users into downloading malware, has successfully seeded a massive botnet -- between one million and 10 million CPUs -- producing computing power to rival the world's top 10 supercomputers

By New Zealand computer scientist Peter Gutman's calculations, the Storm Worm botnet "may be the first time that a top 10 supercomputer has been controlled not by a government or mega-corporation but by criminals."

The question remains, now that they have the world's most powerful supercomputer system at their disposal, what are they going to do with it?

At current infection rates, Gutman's concerns are genuine and the relentless nature of the ongoing attacks suggest that the criminal minds behind this botnet are far from satisfied.

[SEE: Botnet assault: Spammers launch DDoS offensive ]

Malware researchers tracking the threat are privately awed by the sheer volume of spam with social engineering lures to malicious executables. "It's nonstop, never-ending," said a virus analyst at a major computer security firm.

The attackers have tied the spam lures to global news events, links to YouTube videos and online greeting cards. The sophisticated operation includes the use of fast-flux networks to avoid shutdowns, a rootkit component to hide from anti-virus scanners and a P2P command-and-control structure that makes it near impossible to kill the controlling server.

The Storm Worm attackers have also hacked into legitimate Web sites and used iFrame redirects to send surfers to Web servers hosting malware downloaders.

Now, according to Finjan security researcher Aviv Raff, the group has started to target tech-savvy computer users.

"Up until now, they've put greeting cards for holidays, and video downloads. Today they've changed their website and put a "Download Tor" Web page," Raff said in an interview.

Storm Worm botnet could be worldÂ’s most powerful supercomputer

The page displays a legitimate looking download page for the Tor (The Onion Router) network anonymity proxy and a "download now" image that points to a malicious "tor.exe" file.

Raff said the malicious pages are hosting exploits from the MPack crimeware toolkit, which recently added new Internet Explorer and Yahoo Webcam exploits.

Topic: Malware

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

150 comments
Log in or register to join the discussion
  • What is being done

    from a security vendor standpoint to prevent these attacks? Are the major vendors able to detect, prevent and/or remove the infections?
    Badgered
    • Can you imagine

      if ISPs, or anti-X or some other agency disabled (which they all need to be) that many computers at once. It could be done. Time Warner (my ISP) could shut these systems down in hours, blocking their access to the internet, as could the ISPs of the tens of millions of compromised machines just in the US, but it would be a PR nightmare. They would rather let their user's continue using and working on compromised machines than do anything about it.

      Is being online with a malware infected compromised computer a right? They all break standard "terms of use" clauses but they don't and won't do anything about it until someone specifically complains about a specific machine.

      As a thought experiment, if you locked out every compromised machine, there goes the botnet and the "tool or the terror trade" for the criminals. You can only imagine the backlash, however, against MS.

      TripleII
      TripleII-21189418044173169409978279405827
      • Since we've known of this problem for so long..

        why is internet end point security left up to the general public? With all of the government back initiatives, why not initiate one that will strip these trojans out at the ISP or or earlier? Why allow any amount of viruses to use bandwidth and travel all the way to the endpoint, to begin with, but to infect end users? This is not a "Microsoft" problem. We know social engineering techniques can compromise any system, the user willing(as they appear to be). Even if the users are running as Admin, they still have to agree to load it. If they had to authorize, i'm sure they do that too for the most part. <br>
        The only way to stop this in the first place is use network best practices and stop it at it's first non-criminally run server encounter. <br>
        The internet is the equivilent of all businesses running their networks wide open and depending on the users to prevent infection w/o any education in the matter. <br>
        It's also a function of the authorities to stop it and find who is doing it. That requires cooperation between nations and governmental authorities.
        xuniL_z
        • It all comes down to:

          Each ISP;

          They know the threats, and they have the ability to stop it. 99% of all spam could be killed if ISP's blocked port 25 and only allowed traffic on port 25 to and from their internally controlled mail servers. Same goes for businesses and corporations.

          My ISP does just this they have a policy that you can have the port block lifted upon request.
          Suicida|
          • I wonder if it's just financial or legal

            issues that could get sticky blocking certain email. I can see the potential for legal action and "civil liberties" suits of somekind. <br>
            Financial issues...be the best place to put money being spent on cyber attack prevention anyway....possibly. <br>
            I'm no expert at this level, but there has to be a better way than relying on the end users. <br>
            Maybe a contract everyone must agree to when they sign up with an ISP stating any questionable email or other traffic (inbound or outbound) can and will be removed at the ISP's descretion. <br>
            In turn all ISP's must agree to this with any upstream providers.
            xuniL_z
        • What?

          Why do we need more government control of anything?
          it's NOT the answer for anything.
          ken.
          merc2dogs`
          • I agree and that's why...

            i don't believe in the current backing given to open source around the world by governments. <br>
            But I meant law enforcement. These are crimes. Just like if someone calls your telephone and threatens you. It's a crime for the justice dept to take care of and if it means some subsidies to get ISPs and other internet hubs to assist in taking care of the issue, then it's worth it. Instead of the billions going into NSF projects for Linux, put some of that money into the cracking down and stopping of internet threats w/o placing the burden of stopping cyber-terrorism on the general public. That is just ridiculous.
            xuniL_z
          • Good Luck on that!

            The net is fast becoming the life's blood of this country and our elected officials in Washington DC are drag their collective feet again. No new news there. Maybe every computer user needs to send an E-mail to Congress and the Media."This is a crime and it is a threat to this country get off you backsides and deal with it or lose my vote." What would a couple of million messages like that generate, I would like to find out.
            crawdad2k
          • Message has been deleted.

            nomorems
          • Location of...

            ... websites that these viral programs are directing computers to are no secret. When one is discovered, the company that provided it should be placed on a temporary hold from setting up more. Enable these companies to self regulate website installation for fear of losing business. Shut down re-offending firms. Shut down websites that hire advertising firms using illegal methods.

            These actions would take incentive away from the disseminators.

            It is also no mystery which internet providers are not disconnecting users that are infected. If they are also taken offline until they clean up their users (disconnect users until they are virus free) they will take a proactive attitude about cleaning up their part of the internet.

            Everyone is busy pointing fingers at other people to take responsibility. If a user is aware that they are infected they will willingly clean up their problem. If their provider sends them an e-mail describing current things to be aware of and how to fix the problem, they will engratiate their customers. This will reduce the end user issues.

            People expect some control over malicous acts on the internet. There is no one who benefits from hostile advertising that uses other peoples computers and internet bandwidth without permission or compensation. As people get smarter they will be less inclined to fall for the inticements offered. I have often thought a hacker group that destroys bad advertiser websites with an influx of messages that subvert their business would be a prudent counter-measure. But this will just make a war that the regular users will pay for with decreased bandwidth.
            Information_z
        • Message has been deleted.

          nomorems
        • Viewing e-mail through a website...

          I encourage people I know to look at their e-mail through a website. Most providers have one, and there are 3rd source websites (such as Mail2Web) that you can scan the message before downloading it to your computer.

          It is a great way to handle e-mail if you have a slow internet connection. You delete stuff you don't want to look at and download the important stuff you want to keep a copy of.

          This routine reduces computer infections, especially with inexperienced users.
          Information_z
          • What would prevent the ISPs

            from taking this action on the users behalf? When there is something of this nature, that could be used to launch terroristic attacks, seems by now, at least in the U.S., homeland security would be working more directly with the ISPs.
            <br>
            Are there legal issues? I don't care if my ISP is scanning mail destined to my inbox. Seems it would lessen the traffic caused by each indivdual scanning for themselves.
            xuniL_z
          • Yes BUT...

            what about corporate emails? emails that contain confidential information such as agreement or medical reports?
            Moreover, what about copyrighted material?

            For example, you are creating a novel method for visually impaired users that facilitates websurfing. it is natural that you cooperate with your collegues all over the world by email. Your ISP has a legal right to scan and review your emails and one of their employees decides to patent your discovery before you do. In best case you end up winning after many years of battle in the court. In the worst case, you just saw your research stolen forever.

            There is nothing worst than giving someone the power they can abuse!
            sashkashurik
          • If you give power...

            to someone who can abuse it, they usually (always) will. So who should have the power? The government...they've done a wonderful job of protecting us and looking out for our best interests... The corporations...they certainly would never abuse any power they have ever purchased... The criminals...no different than the corporations, except they have less hands in the money jar... I guess we're powerless to do anything but sit and watch it happen...
            rcblues
  • RE: Storm Worm botnet could be world's most powerful supercomputer

    I wonder now. Is it possible that a person could write a counter-worm, that goes into these computers, and if finds the infection erase it? Then hides to erase it if it comes onto the system?

    - Kc
    kcredden2
    • Would probably be illegal, lol.

      What I would like to see, bite the bullet and simply block every botnetted machine from accessing the internet. Redirect the overwhelming majority who don't know they are infected to an info page telling them this is for their benefit and how to resolve the issue. Eliminating the problem is not hard, ISPs can find and shut them all down with automated tools.

      The problem is, the end user has to date had no real responsibility to keep their machine from becoming compromised, relying (sometimes) on varyingly successful anti-X programs, but not really being responsible for their machine. If you can mandate that a vehicle must meet minimum safety requirements to be allowed on the road, is it really so bad to require minimum levels of non-infection to be allowed on the internet?

      TripleII
      TripleII-21189418044173169409978279405827
      • Gee...

        do I have to worry that my TV will send a virus, or my phone or my Palm device or my cell phone or my car or my mailbox?

        Quit remove Microsoft from the solution. They are the solution! Well, actually, stopping the use of their warez is the solution.

        Microsoft is to blame and Microsoft must be stopped. THEY want your data - no one else!
        nomorems
    • You mean...

      ...Like Anti-Virus software??

      You mean....force everyone to use anti-virus?

      And then...next virus???
      mdsmedia
  • RE: Storm Worm botnet could be world's most powerful supercomputer

    "has successfully seeded a massive botnet ??? between one million and 10 million CPUs"

    Where are they getting these numbers? Between 1 and 10 million? that's quite a discrepancy.

    And if they know these computers are infected why is nothing being done? Are people just sitting around and doing a head count to see who's infected and who isn't, and that's it?
    Kid Icarus-21097050858087920245213802267493