StormWorm botnet lashes out at security researchers

Cory Doctorow at 12:38 pm Wed, Oct 24, 2007

The Storm Worm botnet (thought to be the largest network of compromised machines in the world) has begun to figure out which security researchers are trying to disrupt its command-and-control systems and knock them offline with unmanageable crapfloods from its zillions of zombie machines.

The worm can figure out which users are trying to probe its command-and-control servers, and it retaliates by launching DDoS attacks against them, shutting down their Internet access for days, says Josh Korman, host-protection architect for IBM/ISS, who led a session on network threats.

“As you try to investigate [Storm], it knows, and it punishes,” he says. “It fights back.”

As a result, researchers who have managed to glean facts about the worm are reluctant to publish their findings. “They’re afraid. I’ve never seen this before,” Korman says. “They find these things but never say anything about them.”

And not without good reason, he says. Some who have managed to reverse engineer Storm in an effort to figure out how to thwart it have suffered DDoS attacks that have knocked them off the Internet for days, he says.

As researchers test their versions of Storm by connecting to Storm command-and-control servers, the servers seem to recognize these attempts as threatening. Then either the worm itself or the people behind it seem to knock them off the Internet by flooding them with traffic from Storm’s botnet, Korman says.

Link (via /.)


  • Akasha

    It’s the internet’s very own little lich king.

  • zikman

    @10
    you underestimate the Storm.

  • yurei

    Storm Worm, we don’t talk anymore. You always get touchy and defensive when we try to discuss our give-and-take relationship. It’s the uncomfortable silences that hurt the most. Where did the love go? *deep sigh*

  • semiotix

    It’s not hard to see where this is going. Maybe not with StormWorm, but eventually we’re going to see Secretaries of State flying to Iceland or Malta or wherever to conduct high-level treaty negotiations with l33t haxx0rs.

    I bet Neal Stephenson is pumped!

  • Unanimous Cowherd

    Sounds like these “researchers” need to take some internet stealth precautions. Surely it can’t be that hard to use proxies and other roundabout anonymizers to stay safe?

  • sexyrobot

    actually, it seems the worst is over. sigh, and just when i was hoping it would become self-aware, build millions of sexy robots and kill you al… i mean, clean up the environment and stuff.

  • noen

    I think we should re-name the Storm worm “Lenie Clark”.

  • kaosdevice

    If I was an AI this is how I would want my origin story to look.

  • Stefan Jones

    How soon until It starts looking for news stories about Itself and retaliCARBON UNITS! SURRENDER NOW! BUY LARGE QUANTITIES OF VIGR0 AND GET IN ON THE GROUND FLOOR WITH HOT NEW STOCK! DO NOT OPPOSE OUR/MY WILL. ONLY BUY PURCHASING OUR P#nyS LENGTHENER MAY YOUR EARN OUR/MY FORGIVENESS FOR YOUR PRYING WAYS.

    SINCERELY,

    BOTNET

  • Yamara

    Well, the researchers should stop using “Sarah Connor” as their damn password!

  • jetsetsc

    Does this blog post mean that Storm will now take on Boing Boing? And does this comment make me a target? And you people reading this comment better watch out – Storm Knows!

  • justin

    Bruce Schneier wrote a fascinating article on the storm worm earlier this month.

  • Forrest L Norvell

    You’d think that, Teresa, but there’s a whole billing infrastructure for crackers and botnet controllers in Russia. It appears to have some implicit / tacit support of various factions in the Russian government and security services. There was a concise but informative article about it on economist.com a couple months ago. As long as the Russian government sees some advantage to allowing its feral hackers to run wild, the botnets are going to remain more or less unaccountable.

  • Teresa Nielsen Hayden / Moderator

    Granted, we can’t trace spammers. But spammers work for money, and that should be trackable. If we can’t trace it back to the spammers, we should at least be able to trace it back to the business enterprises that hire spammers to commit illegal acts.

  • Fnarf

    When is this sort of thing going to be seen as the major-league national security threat that it so obviously is? It’s not just spam anymore; these things can shut down governments, or will be able to soon.

  • L.B. Jeffries

    I’ll still never forgive him for taking over Sark and trying to kill Tron.

  • vorpalsword

    Wintermute has conquered the intarwebs, it seems… Why can’t good things from SF happen in real life?

  • NarmGreyrunner

    I for one welcome our new Artificial Intelligence overlord.

  • bobolikebeer

    I agree that the awkward sounding “Storm Worm Botnet” should be renamed… How about “Neuromancer”? … Or “Jane” maybe…

  • Sam the Duck

    Wouldn’t the way to share findings, then, be to do it offline or at a conference using handouts? IE, traditional journals or articles. I know this isn’t the most convenient, but I doubt Storm Worm Botnet can read a paper.