Criminals' botnet more powerful than BlueGene?

Criminals' botnet more powerful than BlueGene?

Summary: Criminals behind the Storm worm have created a botnet containing millions of PCs, which have a combined computing power greater than the most powerful supercomputer in existence.


Criminals behind the Storm worm have created a botnet containing millions of PCs, which have a combined computing power greater than the most powerful supercomputer in existence.

The Storm worm botnet has been estimated to control between one million and five million computers, which one researcher says makes it more powerful than IBM's BlueGene/L supercomputer.

Peter Guttman, a computer sciences security researcher wrote in an e-mail posted on's Web site: "This may be the first time that a top 10 supercomputer has been controlled not by a government or mega-corporation but by criminals. The question remains, now that they have the world's most powerful supercomputer system at their disposal, what are they going to do with it?"

At the lowest estimate of one million computers, Guttman roughly calculated that using an army of 2.8GHz P4s, the group behind the Storm worm would have at least 1 petabyte of RAM, compared with BlueGene/L's "paltry 32 terabytes".

Guttman listed 10 supercomputers, comparing the total number of PCs required to achieve equivalent RAM. He estimated 128,000 PCs would be required to match BlueGene/L, while at the lower end, 10,000 PCs would be needed to match MareNostrum.

Is it comparable?
However, debate rages as to whether a million-strong cluster of computers is the same as a supercomputer.

IBRS security analyst James Turner told ZDNet Australia that comparing a botnet and a supercomputer is like comparing an army of snipers with a nuclear weapon.

"It takes more than a pile of CPUs and RAM to make a supercomputer ... Any supercomputer like BlueGene has millions of dollars of R&D, tweaked I/O and an optimised operating system. In all, it's a system with substantial differences to a botnet," he said.

However, Turner said that should the Storm owners want to start breaking encryption codes, they could do it in a similar fashion to the Search for Extraterrestrial Intelligence project -- or SETI@home.

SETI@home uses a distributed network of computers to decipher signals from an array of radio telescopes, which listen for signals from outer space.

The SETI@home network, at the time of writing, consists of 158,000 active users, utilizing 1.5 million active hosts in over 200 countries.

Bradley Anstis, director of product management at security firm Marshal, believes the botnet at the Storm gang's disposal is likely to be closer to five million strong.

"The SETI@home network is quite different because the owner has full knowledge of any use of their computer. When you start using your computer, its network will back off. This worm however seems to be working in the background so it doesn't take all resources, so the average computer user does not notice," said Antsis.

"It has a very high number of distributed nodes, so it can scale faster and a lot larger than any super computer. It's certainly a lot of faster than for Cray to bring out its latest supercomputer," he said.

Paul Ducklin, head of technology at Sophos said a supercomputer differs drastically due to how CPU nodes are interconnected and the speed at which data can be pushed from one node to another.

"They [the Storm gang] don't need a 'supercomputer'," said Ducklin. "They just need a wide range of different computers to do their dirty work. It's not so much about CPU, and RAM, and disk space. It's about being able to operate from a widely-distributed and ever-moving target. Slim down the target and it becomes much easier to hit."

Besides CPU and RAM, Marshal's Anstis said, "The more worrying thing is bandwidth. Just calculate four million times a standard ADSL connection. That's a lot of bandwidth. It's quite worrying. Having resources like that at their disposal -- distributed around the world with a high presence and in a lot of countries -- means they can deliver very effective distributed attacks against hosts."

Topics: Malware, Emerging Tech, Security

Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full time freelance technology journalist who writes for several publications.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • It's just like SkyNet from the Terminator... only not.

    Pure FUD. A successful worm does not a super computer make.

    Contrary to popular myth, distributed computing isn't easy. One has to write custom code for a task well suited to a distributed computing paradigm. This worm does not run any distributed tasks that we know of. Also, the its-bitsy narrow data pipes of the internet mean that if it did start to run distributed tasks, it would be less of a high performance cluster computer than it would be a grid computer. As a result, 1337 h4x0rZ wouldn't like it for any quick, highly co-ordinated computational tasks; stealing from banks or governments for example.

    Just because it's one program running seperately on many machines does not make it the sum of its infected parts. If it was, that would make 'windows' the biggest, fastest, most ball-tearing, zepta-flopping, googabyted super-duper-computer the world has ever seen.

    Which it ain't. The best thing Storm can do at the moment is launch DDOS attacks and collect personal banking details.
  • If we haven't discovered aliens...

    If we haven't discovered aliens or the cure for cancer with the legal distributed networks, I can hardly see how these criminals are going to do anything with millions of computers that they can't do with one.

    Storm makes it hard to track criminal activities, not make those tasks easier for them.

    As John Connor says, the best thing Storm can do is launch DDOS attacks and collect information.

    Hell, if it did make a supercomputer I'd put storm on the 500+ computers at work and expose the lies of the governments behind the Iraq war myself!