Storm worm: More powerful than Blue Gene?

Storm worm: More powerful than Blue Gene?

Summary: The criminal botnet controlling millions of PCs may have more computing muscle than the world's most powerful supercomputer

SHARE:
TOPICS: Security
0

Criminals behind the Storm worm have created a botnet containing millions of PCs, which have a combined computing power greater than the most powerful supercomputer in existence.

The Storm worm botnet has been estimated to control between one million and five million computers, which one researcher says makes it more powerful than IBM's Blue Gene/L supercomputer.

Peter Guttman, a computer sciences security researcher, wrote in an email posted on insecure.org's website: "This may be the first time that a top 10 supercomputer has been controlled not by a government or mega-corporation but by criminals. The question remains, now that they have the world's most powerful supercomputer system at their disposal, what are they going to do with it?"

At the lowest estimate of one million computers, Guttman roughly calculated that using an army of 2.8GHz P4s, the group behind the Storm worm would have at least one petabyte of RAM, compared with Blue Gene/L's "paltry 32 terabytes".

Guttman listed 10 supercomputers, comparing the total number of PCs required to achieve equivalent RAM. He estimated 128,000 PCs would be required to match Blue Gene/L while, at the lower end, 10,000 PCs would be needed to match MareNostrum.

Is it comparable?
However, debate rages as to whether a million-strong cluster of computers is the same as a supercomputer.

IBRS security analyst James Turner said that comparing a botnet and a supercomputer is like comparing an army of snipers with a nuclear weapon.

"It takes more than a pile of CPUs and RAM to make a super computer… Any supercomputer like Blue Gene has millions of dollars of R&D, tweaked I/O and an optimised operating system. In all, it's a system with substantial differences to a botnet," he said.

However, Turner said that should the Storm owners want to start breaking encryption codes, they could do it in a similar fashion to the Search for Extraterrestrial Intelligence project, or SETI@home.

SETI@home uses a distributed network of computers to decipher signals from an array of radio telescopes, which listen for signals from outer space.

The SETI@home network, at the time of writing, consists of 158,000 active users, utilizing 1.5 million active hosts in over 200 countries.

Bradley Anstis, director of product management at security firm Marshal, believes the botnet at the Storm gang's disposal is likely to be closer to five million strong.

Sentry Posts Blog

Sentry Posts Blog

Guarding the network

What you need to know — and what you and your peers have to tell us — about security management in our new community group blog

Read more

"The SETI@home network is quite different because the owner has full knowledge of any use of their computer. When you start using your computer, its network will back off. This worm, however, seems to be working in the background so it doesn't take all resources, so the average computer user does not notice," said Antsis.

"It has a very high number of distributed nodes, so it can scale faster and a lot larger than any supercomputer. It's certainly a lot of faster than for Cray to bring out its latest supercomputer," he said.

Paul Ducklin, head of technology at Sophos said a supercomputer differs drastically due to how CPU nodes are interconnected and the speed at which data can be pushed from one node to another.

"They [the Storm gang] don't need a 'supercomputer'," said Ducklin. "They just need a wide range of different computers to do their dirty work. It's not so much about CPU, and RAM, and disk space. It's about being able to operate from a widely distributed and ever-moving target. Slim down the target and it becomes much easier to hit."

Besides CPU and RAM, Marshal's Anstis said: "The more worrying thing is bandwidth. Just calculate four million times a standard ADSL connection. That's a lot of bandwidth. It's quite worrying. Having resources like that at their disposal — distributed around the world with a high presence and in a lot of countries — means they can deliver very effective distributed attacks against hosts."

Topic: Security

Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full time freelance technology journalist who writes for several publications.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

0 comments
Log in or register to start the discussion