Kioskea - Tribune
Posted by Mr Darani Vasan

    

Key words: security, storm, storm botnet, virus, botnet



Best ever virus that ruled the world...


21 Mar, 2008 05:11 pm

The Storm botnet is a network of remotely controlled computers linked via the Storm Worm (a Trojan), and in September 2007 it was estimated to control up to 50 million computers. It was potentially more powerful than the world's supercomputers.



The Storm worm botnet is a remotely controlled network of "zombie" computers (or "botnet") that has been linked by the Storm Worm, a Trojan horse spread through e-mail spam. Some have estimated that by September 2007 the Storm botnet was running on anywhere from 1 million to 50 million computer systems. Other sources have placed the size of the botnet at around 250,000 to 1 million compromised systems. More conservatively, one network security analyst claims to have developed software that has crawled the botnet and estimates that it controls 160,000 infected computers. The Storm botnet was first identified around January 2007, with the Storm worm at one point accounting for 8% of all malware on Microsoft Windows computers.

The Storm botnet has been used in a variety of criminal activities. Its controllers, and the authors of the Storm Worm, have not yet been identified. The Storm botnet has displayed defensive behaviors indicating that its controllers were actively protecting the botnet against attempts at tracking and disabling it. The botnet has specifically attacked the online operations of some security vendors and researchers who attempted to investigate it. Security expert Joe Stewart revealed that in late 2007 the operators of the botnet began to further decentralize their operations, possibly with plans to sell portions of the Storm botnet to other operators. Some reports as of late 2007 indicated the Storm botnet to be in decline, but many security experts reported that they expect the botnet to remain a major security risk online, and the United States Federal Bureau of Investigation considers the botnet a major risk for increased bank fraud, identity theft, and other cybercrimes.

The botnet reportedly is powerful enough as of September 2007 to force entire countries off the Internet, and is estimated to be capable of executing more instructions per second than some of the world's top supercomputers. However, it is not a completely accurate comparison, according to security analyst James Turner, who said that comparing a botnet to a supercomputer is like comparing an army of snipers to a nuclear weapon. Bradley Anstis, of the United Kingdom security firm Marshal, said, "The more worrying thing is bandwidth. Just calculate four million times a standard ADSL connection. That's a lot of bandwidth. It's quite worrying. Having resources like that at their disposal—distributed around the world with a high presence and in a lot of countries—means they can deliver very effective distributed attacks against hosts."

Computer security expert Joe Stewart detailed the process by which compromised machines join the botnet: a series of EXE files is launched on the computer system in question, in stages. Usually, they are named in a sequence from game0.exe through game5.exe, or similar, and they are launched in turn. They typically perform the following:
1. game0.exe - Backdoor/downloader
2. game1.exe - SMTP relay
3. game2.exe - E-mail address stealer
4. game3.exe - E-mail virus spreader
5. game4.exe - Distributed denial of service (DDoS) attack tool
6. game5.exe - Updated copy of Storm Worm dropper
At each stage the compromised system will connect into the botnet; fast flux DNS makes tracking this process exceptionally difficult. This code is run from %windir%\system32\wincom32.sys on a Windows system, via a kernel rootkit, and all connections back to the botnet are sent through a modified version of the eDonkey/Overnet communications protocol.
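
The staged launch described above can be hunted for in endpoint logs. The following Python example is added here and is not code from the original article or from Joe Stewart's analysis; it correlates events per host and flags hosts that run several of the game0.exe to game5.exe stages close together or that create the wincom32.sys driver. The log layout, host names, the 30-minute window, the three-stage threshold and the function name `hunt` are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Stage roles as listed in the article (game0.exe .. game5.exe).
STAGE_ROLES = {0: "backdoor/downloader", 1: "SMTP relay",
               2: "e-mail address stealer", 3: "e-mail virus spreader",
               4: "DDoS attack tool", 5: "updated copy of Storm Worm dropper"}
STAGE_RE = re.compile(r"(?:^|\\)game([0-5])\.exe$", re.IGNORECASE)
DRIVER_RE = re.compile(r"\\system32\\wincom32\.sys$", re.IGNORECASE)

# Constructed sample events; the "time host event path" layout is an assumption.
SAMPLE_EVENTS = r"""
2007-09-12T10:00:01 WS-014 process_create C:\Documents and Settings\a\Local Settings\Temp\game0.exe
2007-09-12T10:00:09 WS-014 file_create C:\WINDOWS\system32\wincom32.sys
2007-09-12T10:01:30 WS-014 process_create C:\WINDOWS\game1.exe
2007-09-12T10:02:10 WS-014 process_create C:\WINDOWS\GAME2.EXE
2007-09-12T10:04:45 WS-014 process_create C:\WINDOWS\game4.exe
2007-09-12T11:15:00 WS-022 process_create C:\Games\Chess\game1.exe
2007-09-12T11:20:00 WS-022 process_create C:\Games\Chess\endgame2.exe
2007-09-12T12:00:00 WS-031 file_create C:\WINDOWS\system32\wincom32.sys
"""

def hunt(text, window=timedelta(minutes=30), min_stages=3):
    """Return {host: finding} for hosts showing the staged pattern or the driver."""
    stages, driver = defaultdict(list), set()
    for line in filter(None, map(str.strip, text.splitlines())):
        ts, host, _event, path = line.split(None, 3)  # path may contain spaces
        m = STAGE_RE.search(path)
        if m:
            stages[host].append((datetime.fromisoformat(ts), int(m.group(1))))
        elif DRIVER_RE.search(path):
            driver.add(host)
    findings = {}
    for host in set(stages) | driver:
        seen = sorted(stages[host])
        # Largest set of distinct stage numbers launched inside one time window.
        best = max((frozenset(n for t, n in seen if t0 <= t <= t0 + window)
                    for t0, _ in seen), key=len, default=frozenset())
        if len(best) >= min_stages or host in driver:
            findings[host] = {"stages": {n: STAGE_ROLES[n] for n in sorted(best)},
                              "driver": host in driver}
    return findings

if __name__ == "__main__":
    for host, f in sorted(hunt(SAMPLE_EVENTS).items()):
        print(host, f)
```

Because the article notes the files are named game0.exe through game5.exe "or similar", a name-based match like this is only a starting point; the per-host correlation is what keeps a single unrelated game1.exe from raising an alert.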

Article originally published on : Tweaks

[1] This is really freaking me out! It would be very interesting in my opinion to follow the discussion about this Storm botnet.
Comment by Katy  - 24 Mar, 2008 10:44 am

