StormWorm botnet lashes out at security researchers

The Storm Worm botnet (thought to be the largest network of compromised machines in the world) has begun to figure out which security researchers are trying to disrupt its command-and-control systems and to knock those researchers offline with unmanageable crapfloods from its zillions of zombie machines.
The worm can figure out which users are trying to probe its command-and-control servers, and it retaliates by launching DDoS attacks against them, shutting down their Internet access for days, says Josh Korman, host-protection architect for IBM/ISS, who led a session on network threats.

“As you try to investigate [Storm], it knows, and it punishes,” he says. “It fights back.”

As a result, researchers who have managed to glean facts about the worm are reluctant to publish their findings. “They’re afraid. I’ve never seen this before,” Korman says. “They find these things but never say anything about them.”

And not without good reason, he says. Some who have managed to reverse engineer Storm in an effort to figure out how to thwart it have suffered DDoS attacks that have knocked them off the Internet for days, he says.

As researchers test their versions of Storm by connecting to Storm command-and-control servers, the servers seem to recognize these attempts as threatening. Then either the worm itself or the people behind it seem to knock them off the Internet by flooding them with traffic from Storm’s botnet, Korman says.

Link (via /.)


  1. How soon until It starts looking for news stories about Itself and retaliCARBON UNITS! SURRENDER NOW! BUY LARGE QUANTITIES OF VIGR0 AND GET IN ON THE GROUND FLOOR WITH HOT NEW STOCK! DO NOT OPPOSE OUR/MY WILL. ONLY BUY PURCHASING OUR P#nyS LENGTHENER MAY YOUR EARN OUR/MY FORGIVENESS FOR YOUR PRYING WAYS.

    SINCERELY,

    BOTNET

  2. Does this blog post mean that Storm will now take on Boing Boing? And does this comment make me a target? And you people reading this comment better watch out – Storm Knows!

  3. I agree that the awkward sounding “Storm Worm Botnet” should be renamed… How about “Neuromancer”? … Or “Jane” maybe…

  4. Wouldn’t the way to share findings, then, be to do it offline or at a conference using handouts? IE, traditional journals or articles. I know this isn’t the most convenient, but I doubt Storm Worm Botnet can read a paper.

  5. Storm Worm, we don’t talk anymore. You always get touchy and defensive when we try to discuss our give-and-take relationship. It’s the uncomfortable silences that hurt the most. Where did the love go? *deep sigh*

  6. It’s not hard to see where this is going. Maybe not with StormWorm, but eventually we’re going to see Secretaries of State flying to Iceland or Malta or wherever to conduct high-level treaty negotiations with l33t haxx0rs.

    I bet Neal Stephenson is pumped!

  7. Sounds like these “researchers” need to take some internet stealth precautions. Surely it can’t be that hard to use proxies and other roundabout anonymizers to stay safe?

  8. actually, it seems the worst is over. sigh, and just when i was hoping it would become self-aware, build millions of sexy robots and kill you al… i mean, clean up the environment and stuff.

  9. When is this sort of thing going to be seen as the major-league national security threat that it so obviously is? It’s not just spam anymore; these things can shut down governments, or will be able to soon.

  10. Wintermute has conquered the intarwebs, it seems… Why can’t good things from SF happen in real life?

  11. Granted, we can’t trace spammers. But spammers work for money, and that should be trackable. If we can’t trace it back to the spammers, we should at least be able to trace it back to the business enterprises that hire spammers to commit illegal acts.

  12. You’d think that, Teresa, but there’s a whole billing infrastructure for crackers and botnet controllers in Russia. It appears to have some implicit / tacit support of various factions in the Russian government and security services. There was a concise but informative article about it on economist.com a couple months ago. As long as the Russian government sees some advantage to allowing its feral hackers to run wild, the botnets are going to remain more or less unaccountable.
