“Storm” Botnet: More Powerful than any Supercomputer? 
Posted: 07 September 2007 08:28 PM
Administrator (Total Posts: 1566, Joined 2006-09-25)

NOT THAT JOURNALISTS EVER EXAGGERATE OR ANYTHING

http://www.itnews.com.au/News/60752,storm-worm-botnet-more-powerful-than-top-supercomputers.aspx

The Storm worm botnet has grown so massive and far-reaching that it easily overpowers the world’s top supercomputers.

That’s the latest word from security researchers who are tracking the burgeoning network of Microsoft Windows machines that have been compromised by the virulent Storm worm, which has pounded the Internet non-stop for the past three months.

Despite the wide ranging estimates as to the size of the botnet, researchers tend to agree that it’s one of the largest zombie grids they’ve ever seen—one capable of doing great damage.

“In terms of power, the botnet utterly blows the supercomputers away,” said Matt Sergeant, chief anti-spam technologist with MessageLabs, in an interview. “If you add up all 500 of the top supercomputers, it blows them all away with just 2 million of its machines. It’s very frightening that criminals have access to that much computing power, but there’s not much we can do about it.”

Sergeant said researchers at MessageLabs see about 2 million different computers in the botnet sending out spam on any given day, and he adds that he estimates the botnet generally is operating at about 10 percent of capacity.

“We’ve seen spikes where the owner is experimenting with something and those spikes are usually five to 10 times what we normally see,” he said, noting he suspects the botnet could be as large as 50 million computers. “That means they can turn on the taps whenever they want to.”

No one could provide detailed and specific comparisons between the strength of the botnet and the top supercomputers, mainly because it is hard to know for sure the size of the botnet or the power of each computer that is part of the botnet.

Adam Swidler, a senior manager with security company Postini, told InformationWeek that while he thinks the botnet is in the 1 million to 2 million range, he still thinks it can easily overpower a major supercomputer.

“If you calculate pure theoretical throughput, then I’m sure the botnet has more capacity than IBM’s BlueGene. If you sat them down to play chess, the botnet would win.”

Since the botnet won’t be entered in any supercomputer competition, what does this mean for the IT or security manager trying to protect a company?

It means the cyber criminals who control the botnet have a tremendous amount of destructive power at their fingertips. Early this summer, the Baltic nation of Estonia was pounded in a cyberwar that saw distributed denial-of-service attacks primarily targeting the Estonian government, banking, media, and police sites.

To protect its network, the country had to shut down key computer systems, and targeted sites were inaccessible outside the country for extended periods.

Swidler said he has no doubt if the Storm worm bosses focused a denial-of-service (DoS) attack on a company, Internet service provider, or government agency inside the United States, it could do a great deal of damage.

“I think there’s no question they could damage any single company, whether through a DoS attack or a spam barrage,” he added. “I’d be less worried about a Yahoo or a Bank of America than the thousands of mid-sized banks that aren’t as well protected. But undoubtedly, this could do a great deal of damage.”

Swidler said there’s always the background thought that an enemy of a country could basically rent the botnet and launch a DoS attack, shutting down government agencies, utilities or financial centers.

“It’s a lot of computing power that could be focused to do a lot of damage,” he added. “It’s grid computing gone bad.”

Last month, Ren-Isac, a collaboration of higher-education security researchers, sent out a warning that the Storm worm authors had another trick up their sleeves. The botnet actually is attacking computers that are trying to weed it out. It’s set up to launch a distributed denial-of-service attack against any computer that is scanning a network for vulnerabilities or malware.

The warning noted that researchers have seen “numerous” Storm-related DoS attacks recently.

MessageLabs’ Sergeant said the botnet also has been launching DoS attacks against anti-spam organizations and even individual researchers who have been investigating it.

“If a researcher is repeatedly trying to pull down the malware to examine it the botnet knows you’re a researcher and launches an attack against you,” he said.

Lawrence Baldwin, chief forensic officer of MyNetWatchman.com, said he doesn’t have a handle on how big the overall botnet has become but he’s calculated that 5,000 to 6,000 computers are being used just to host the malicious Web sites that the Storm worm spam e-mails are linking users to. And he added that while the now-well-known e-cards and fake news spam is being used to build up the already massive botnet, the authors are using pump-and-dump scams to make money.

“That’s pretty scary,” he said. “Cumulatively, Storm is sending billions of messages a day. It could be double digits in the billions, easily.”

Swidler said that since mid-July, Postini researchers have recorded 1.2 billion e-mails that have been spit out by the botnet. A record was set on Aug. 22 when 57 million virus-infected messages—99 percent of them from the Storm worm—were tracked crossing the Internet.

According to researchers at SecureWorks, the botnet sent out 6,927 e-mails in June to the company’s 1,800 customers. In July, that number ballooned to 20,193,134. Since Aug. 8, they’ve counted 10,218,196.

Posted: 07 September 2007 08:30 PM [ # 1 ]
Administrator (Total Posts: 1566, Joined 2006-09-25)

http://en.wikipedia.org/wiki/Storm_Worm

http://en.wikipedia.org/wiki/Storm_botnet

The Storm botnet, or Storm worm botnet, is a massive Storm worm driven botnet that is estimated to number in the 1,000,000 to 2,000,000 range of infected computer systems. It is more powerful than the world’s top supercomputers. The botnet, or zombie network, is comprised entirely of Windows operating system computers, the only operating system which can contract the Storm worm.[1] An estimated 5,000 to 6,000 computers alone are being used just to help propagate and spread the Storm worm virus itself, and the Postini has noted that 1.2 billion virus e-mails have been sent by the Storm botnet, including a record 57 million infected e-mails on August 22, 2007 alone.

Posted: 07 September 2007 09:41 PM [ # 2 ]
Member (Total Posts: 283, Joined 2007-05-11)

People need to learn how to secure their internets.

That being said I probably have this worm on my computer :D

Posted: 24 April 2008 05:05 AM [ # 3 ]
Member (Total Posts: 135, Joined 2007-04-29)

Wow. I was just reading all about Storm Worm, and was planning to post it on here. This shit it is incredible.

 Signature 

Snakes eating frogs, toads eating gnats;
When the spaceship beams you up, boy, get drunk fast

Posted: 24 April 2008 12:41 PM [ # 4 ]
Member (Total Posts: 113, Joined 2007-05-15)

“Kraken” botnet twice the size of Storm:
http://www.darkreading.com/document.asp?doc_id=150292&WT;.svl=news1_1

 Signature 

3+O(

Posted: 24 April 2008 04:14 PM [ # 5 ]
Member (Total Posts: 135, Joined 2007-04-29)

Very interesting about Kraken. This approach is clearly going to spread:

“While most botnets are controlled through a central server, which if found can be taken down to destroy the botnet, the Storm Worm seeds a botnet that acts in a similar way to a peer-to-peer network, with no centralized control. Each compromised machine connects to a list of a subset of the entire botnet - around 30 to 35 other compromised machines, which act as hosts. While each of the infected hosts share lists of other infected hosts, no one machine has a full list of the entire botnet - each only has a subset, making it difficult to gauge the true extent of the zombie network.

I wonder how far these things might really have spread. With these botnets using the approach described above, estimates of their size might be way off. How do you detect dormant infected computers which are not sending out emails, for example?

Here’s an article about Kraken:
Kraken stripped of World’s Largest Botnet crown (maybe)

More:
Is it possible to detect today’s peer-to-peer (P2P) botnets?

 
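To make the quoted description concrete, here is an added toy crawl (not from the thread, and not Storm's real protocol): a constructed overlay in which each node knows only a random subset of 30 to 35 other nodes, crawled from one responding node while a chosen fraction of nodes stays dormant. It shows why counting only the nodes that answer (comparable to counting spam senders) undercounts, while the union of addresses that the responders advertise gets much closer to the true size; the overlay size, random seeds and dormant fraction are all assumptions.

```python
import random


def build_overlay(n_nodes, min_peers=30, max_peers=35, seed=7):
    """Constructed overlay in the shape the quoted text describes: every
    node holds a list of 30-35 other nodes and never the whole network."""
    rng = random.Random(seed)
    peers = {}
    for node in range(n_nodes):
        wanted = rng.randint(min_peers, max_peers)
        subset = set()
        while len(subset) < wanted:
            other = rng.randrange(n_nodes)
            if other != node:
                subset.add(other)
        peers[node] = sorted(subset)
    return peers


def crawl(peers, seed_nodes, responsive):
    """Breadth-first crawl: every node that answers hands over its peer list.
    Nodes outside `responsive` are dormant: their address shows up in other
    nodes' lists, but they never answer, so their own lists stay unknown."""
    seen = set(seed_nodes)
    answered = set()
    queue = list(seed_nodes)
    while queue:
        node = queue.pop(0)
        if node not in responsive:
            continue
        answered.add(node)
        for other in peers[node]:
            if other not in seen:
                seen.add(other)
                queue.append(other)
    return seen, answered


def estimate_size(n_nodes, dormant_fraction, seed=7):
    """Compare two size estimates with the true size: the nodes that answered
    versus every address any answering node advertised."""
    peers = build_overlay(n_nodes, seed=seed)
    rng = random.Random(seed + 1)
    responsive = {n for n in range(n_nodes) if rng.random() >= dormant_fraction}
    seed_nodes = sorted(responsive)[:1]  # a single responsive starting point
    seen, answered = crawl(peers, seed_nodes, responsive)
    return {
        "true_size": n_nodes,
        "responders_only": len(answered),
        "advertised_addresses": len(seen),
    }


if __name__ == "__main__":
    for dormant in (0.0, 0.5, 0.9):
        print(f"dormant fraction {dormant}: {estimate_size(2000, dormant)}")
```

Real crawls face extra error sources the toy leaves out: NAT and DHCP make one machine appear as several addresses over time, and churn means lists go stale within hours.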
Posted: 24 April 2008 10:10 PM [ # 6 ]
Member (Total Posts: 215, Joined 2007-06-03)

-

Posted: 25 April 2008 01:01 AM [ # 7 ]
Member (Total Posts: 135, Joined 2007-04-29)

But of course what can you do if people trust technology enough that they believe everything you read on Wikipedia is true?! What happened to citing sources anymore?!

But the oh-so impartial moderators make sure that everything on Wikipedia is sourced properly!

It’s interesting to draw an analogy between p2p botnets and intelligence operation cell structures (sometimes naively known as “terrorist cell structures”).

 
Posted: 25 April 2008 05:44 AM [ # 8 ]
Member (Total Posts: 215, Joined 2007-06-03)

-

Posted: 25 April 2008 11:50 AM [ # 9 ]
Member (Total Posts: 113, Joined 2007-05-15)

This conversation about relying on technology reminded me of an Asimov story I read as a kid (and found immediately upon remembering it):
http://www.themathlab.com/writings/short stories/feeling.htm

Themikenesedude - 25 April 2008 05:44 AM

And that is why I see botnets being encouraged when everyone gets further and further into a zealous technocracy and people don’t rely on doing things the way they’ve been done before computers anymore. But I don’t know maybe I’m oversimplifying too.

No, I think that is a good point actually, the way these botnets work is really novel, they basically re-implement normal network protocols, but do so in such a way that they don’t need reliable hosts, they spread all routing and server processes around multiple physical machines.

Not only do they get lots of reliability this way due to the scale, the more important part is that they can offer complete internet services on what amounts to a virtual private network, routing using fast-flux DNS, so that no one node is ever providing the service for too long. It is a very clever technique, it provides both security and robustness for the botnet. Who would be surprised to see some well-behaved variant of this feature come out in legitimate products? (maybe it already has)

hackers up, suits down!

(oy, speaking of super-empowered individuals, whoever owns these globe-wide botnets, yikes… huge portions of the internet could be brought down at any time.)

 
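An added example, not from the thread: a simplified fast-flux check in the spirit of the published detection heuristics for such networks, run over constructed lookup histories. It separates a hostname whose answers rotate through many addresses spread over several /16 networks with short TTLs from a CDN-style hostname that also uses short TTLs but keeps recycling a few addresses inside one network; the hostnames, addresses and thresholds are constructed assumptions, and the /16 prefix stands in for the ASN lookup a real detector would use.

```python
from ipaddress import ip_address

# Constructed sample data: repeated A-record lookups for two hostnames,
# stored as (seconds since the first query, TTL in the reply, answer IPs).
LOOKUPS = {
    "flux-example.test": [
        (0, 300, ["203.0.113.10", "198.51.100.7", "192.0.2.55"]),
        (300, 300, ["198.51.100.88", "203.0.113.200", "192.0.2.9"]),
        (600, 300, ["192.0.2.140", "203.0.113.31", "198.51.100.150"]),
        (900, 300, ["198.51.100.3", "192.0.2.77", "203.0.113.99"]),
    ],
    "cdn-example.test": [
        (0, 60, ["192.0.2.10", "192.0.2.11"]),
        (300, 60, ["192.0.2.12", "192.0.2.10"]),
        (600, 60, ["192.0.2.11", "192.0.2.13"]),
        (900, 60, ["192.0.2.10", "192.0.2.12"]),
    ],
}


def slash16(addr):
    """First two octets; a crude stand-in for the ASN a real detector looks up."""
    return ".".join(str(ip_address(addr)).split(".")[:2])


def flux_features(lookups):
    """Summarise a lookup history into the features fast-flux heuristics use."""
    ips, prefixes, ttls = set(), set(), []
    new_after_first = answers_after_first = 0
    for _, ttl, answers in lookups:
        ttls.append(ttl)
        if ips:  # from the second query on: how many answers were never seen?
            answers_after_first += len(answers)
            new_after_first += sum(1 for a in answers if a not in ips)
        for a in answers:
            ips.add(a)
            prefixes.add(slash16(a))
    turnover = new_after_first / answers_after_first if answers_after_first else 0.0
    return {
        "distinct_ips": len(ips),
        "distinct_prefixes": len(prefixes),
        "min_ttl": min(ttls),
        "turnover": turnover,  # share of later answers that were brand new
    }


def is_fast_flux(lookups, max_ttl=600, min_ips=8, min_prefixes=3, min_turnover=0.75):
    """Illustrative thresholds: short TTL alone is not enough (CDNs use it too);
    the decisive signals are many addresses across many networks that keep
    being replaced rather than recycled."""
    f = flux_features(lookups)
    return (
        f["min_ttl"] <= max_ttl
        and f["distinct_ips"] >= min_ips
        and f["distinct_prefixes"] >= min_prefixes
        and f["turnover"] >= min_turnover
    )


if __name__ == "__main__":
    for host, history in LOOKUPS.items():
        print(host, flux_features(history), "fast-flux" if is_fast_flux(history) else "benign")
```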
Posted: 26 April 2008 10:21 AM [ # 10 ]
Member (Total Posts: 215, Joined 2007-06-03)

-

Posted: 21 August 2008 10:12 AM [ # 11 ]
Welcome (Total Posts: 19, Joined 2008-08-21)

Themikenesedude - 26 April 2008 10:21 AM

So basically the point is: If one wants to vaccinate against the powerful zombie bot-nets isn’t the answer to go back to the “oldschool” tech that has worked for hundreds of thousands of years? I mean not a total reversal but just realizing that the “obsolete” (less cool, easily adaptable, less trendy- actually NON-obsolete) tech reigns supreme? (For example, you can still write with a pencil or pen. Unless someone breaks a pen. But if someone breaks a pencil you can still take one end of that pencil and sharpen it and still use the eraser. If a pencil is dull one can sharpen it. Word processors can be prone to jealous and malicious attacks

No. The unthinking masses will remain vulnerable to their computers being subverted. Those with a technical inclination will be fine.
Word processors? What the fuck are you using a word processor for? Plain old ASCII not good enough for you? 8P

Themikenesedude - 26 April 2008 10:21 AM

but of course the worst possible form of storage is a hard drive, especially since it’s not popular for people to back up what is on their hard drive onto removable media like floppy disks, superdrives, CDs, flash drives, etc. Ask anyone you know how often they back up their files. Hard drives are actually useful for anyone doing any forensics but for casual users like myself and other people on these boards who are more concerned with how well they function for data retention than data recovery it’s hard and delicate [See http://computer.howstuffworks.com/hard-disk2.htm])

Yeah, because the black boxes in planes contain a midget with a biro, and paper isn’t flammable.
Backups are easily automated, just ask anyone who works in a datacenter/runs a website.
Again: unthinking masses = fucked. The curious = fine.

Themikenesedude - 26 April 2008 10:21 AM

It’s so simple that any of the corporations/agencies zealous over this software hardware can’t even see it (especially since this possible solution just doesn’t sound as sexy as building the “million dollar firewall” to disrupt the botnets.)


The powers that be are all about the overt flashiness..

Themikenesedude - 26 April 2008 10:21 AM

Look at it this way: When no system is secure (http://www.glr.com/stalk.html [No I don’t promote the “stalking” theme of the page or endorse it in any way whatsoever. I just believe that info should be free so everyone knows the leaks in their privacy, the consequences of those leaks, and how to combat those leaks]) why not just create a “ring” of computers that our tax dollars go to to become one with the botnets. These would be computers that would go to waste. Maybe these could be the previously infected public, library/university/govt.-pwned computers and that could save on budgets. So there could be a center for all of these computers to be locked into their own network (It’s like one of my favorite movies that unfortunately didn’t get the credit it deserves: “The Video Dead”. In this flick zombies have to be isolated and locked in a room to not go after people. Then they eat each other because they can’t fight their hunger for human “bbrraiiinnnss”. Think of it like being opposite of the vampire-rule ["Don’t invite them in or you can get rid of vampires as easily as you can get rid of that herpes from the last Crystal Lake keg party."]. Anyway to come up with a horror analogy people can relate with: Just lock the computers in a secure area, throw away the key for the infected computer area, and have the zombie botnet cannibalize itself.)

Being a peer-to-peer command and control setup, the idea you propose is good and may have worked with a conventional botnet, but would be nigh on impossible here.

Themikenesedude - 26 April 2008 10:21 AM

Flash drives can be used for any library, etc. databases. At the times when computers are used to take care of the essentials that should be done by pen and paper or ink and paper somehow, flash drives could be temporary, re-writable storage.

Or you could just learn to secure your shit?

Themikenesedude - 26 April 2008 10:21 AM

Flash drives could be bought in bulk and that would be good for the environment since they are a recyclable form of media (You can read and write to them as much as you want as opposed to CD-Rs.) And the major usage of USB flash drives could drive flash drive prices down and the cost of memory down.

More expensive than what it’s worth and like all things they degrade and break over time.

Themikenesedude - 26 April 2008 10:21 AM

There could be live feeds of decentralized live feeds that all combine to networks with their own centers of gravity (They map out in communities to form into backbones onto themselves.). So there is live internet recording open to review by the public (like court-recording) that can be streamed via text- Actually no have the data on the flash drives encrypted and inserted into the megadatabases (encrypted so they could not be peeked at or exploited especially) and distributed live via video so that gaps in live video feeds can be accounted for. There could be a review within a certain timeline that would happen before utilizing the databases. Yeah it could be a public thing like a presidential oath.

Posted: 21 August 2008 10:13 AM [ # 12 ]
Welcome (Total Posts: 19, Joined 2008-08-21)

At first you kinda explained what the internet actually does but then you stopped making sense.

Themikenesedude - 26 April 2008 10:21 AM

What I’m talking about the data being transported to is sort of like a Cloud Computer. Except data could be transmitted to paper and then transported to space. (Already there is Virgin Airlines Space- Why not?) There could be those who would take the paper to space within a certain timeline and with renewable fuels. Later after some shifts the paper would be transported back to earth within a certain amount of time, audited for originality, given the OK, and transported back to metadatabases from flash drives. It almost seems too perfect.

It almost seems too naive.
Let me propose my own solution: We all switch to OpenBSD and learn how to use PF efficiently.

Themikenesedude - 26 April 2008 10:21 AM

So wouldn’t this prevent zombie botnets because it would encourage more reliance on paper-based media?

It’d make the world less productive than it already is too.

Themikenesedude - 26 April 2008 10:21 AM

Or maybe I’m thinking too much about it or making it more complicated than it has to be....

Hivemind.

Themikenesedude - 26 April 2008 10:21 AM

My point is this: 1) Finding a method to isolate the zombie botnet so it satisfies itself off of its own AI. 2) Finding a method to detract zombie botnets by not utilizing so many important databases over the ether of the internet rather than tangible, more secure, more thought-out forms of removable media (It’s like this- When PCs are more popular or advertised what are viruses made for?? PCs- because they will more likely be in use. So balance the scales and Windows-based machines are less likely to be hit for viruses. Of course you could always use Linux, since how many people even boast about using Linux anymore? So making a virus for Linux might as well hardly be as l33t!) 3) Somehow appealing to the importance of portability and how that is a significant factor of growing essential databases so that botnets are not as attractive because, yes, portability for several gigabyte or terabyte machines that are capable of holding tons of information because of their size can be useful in a world with a growing population and more important forms or statistics but the old methods are still seen as important because they have hardly failed.... So the scales are evened.

1) Things don’t work like that. Storm isn’t/wasn’t inherently smart, it was just coded to be on the lookout for attempts at compromise, and lash out at anyone doing so.
2) Or we could just learn to secure our shit.
You’re quite right about linux though, and it certainly can be as vulnerable as windows.
3) Only 37% of that growing population is connected to the internet.
You’re also missing a major point of internet use though: business. It’s just too unfeasible, convoluted and costly to switch to what you propose. Especially for businesses.

Themikenesedude - 26 April 2008 10:21 AM

But what I wonder is would that be too simple or too complicated for dealing with a botnet that is so strong and resilient it can infect the computers looking for it.... Hmmm…

Neither because it wouldn’t work to begin with.

On a related note, the super empowered individual concept instantly reminded me of this: http://video.google.com/videoplay?docid=-5643217366887354926&ei=9rWtSLL9AoH-jQK60tTjBQ

Posted: 21 August 2008 04:17 PM [ # 13 ]
Member (Total Posts: 215, Joined 2007-06-03)

-

Posted: 22 August 2008 01:50 AM [ # 14 ]
Welcome (Total Posts: 19, Joined 2008-08-21)

Haha, excellent :D

I can’t remember where those stats are from but I think it comes down to most residential parts of East India and Africa not having many computers to begin with.

Hmm.. Where do I begin on PF?
Linux itself is just a kernel, the core of the operating system, and close to this core is a component named IPtables.
IPtables is awesome, it allows you fine grained control over your internet connections and how break-in attempts are logged etc.

PF is the BSD equivalent. It’s really down to a matter of choice and what works for you.

Linux is not inherently invulnerable just because the world and his dog don’t use it, more people than you think are using it.
Hell, IBM started releasing television ads for it five years ago. ( http://www.youtube.com/watch?v=EwL0G9wK8j4 )

At the end of the day I don’t think computing is about being able to tell your friends you’re better than them because you’re using a different OS, if you read any book on OS design it will tell you the main function of the OS is to be invisible to the end user, to get out of the way while the person gets things done.

Pick an Operating System that makes you most productive, whatever your definition of productive is.

Posted: 03 September 2008 08:43 AM [ # 15 ]
Member (Total Posts: 113, Joined 2007-05-15)

The number of compromised zombie PCs in botnet networks has quadrupled over the last three months, according to figures from the Shadowserver Foundation.

http://www.theregister.co.uk/2008/09/02/zombie_surge/
http://www.shadowserver.org/wiki/pmwiki.php?n=Stats.BotCounts
