
September 6th, 2007

Storm Worm botnet could be world's most powerful supercomputer

Posted by Ryan Naraine @ 8:41 am

Categories: Botnets, Browsers, Data theft, Exploit code, Firefox, Hackers, Microsoft, Mozilla, Open source, Passwords, Patch Watch, Pen testing, Responsible disclosure, Rootkits, Spam and Phishing, Spyware and Adware, Viruses and Worms, Vulnerability research, Zero-day attacks

Tags: Operation, Supercomputer, Malware, Worm, Ryan Naraine

Nearly nine months after it was first discovered, the Storm Worm Trojan continues to surge, building what experts believe could be the world’s most powerful supercomputer.

The Trojan, which uses a myriad of social engineering lures to trick Windows users into downloading malware, has successfully seeded a massive botnet — between one million and 10 million CPUs — producing computing power to rival the world’s top 10 supercomputers.

By New Zealand computer scientist Peter Gutmann’s calculations, the Storm Worm botnet “may be the first time that a top 10 supercomputer has been controlled not by a government or mega-corporation but by criminals.”

The question remains, now that they have the world’s most powerful supercomputer system at their disposal, what are they going to do with it?

At current infection rates, Gutmann’s concerns are genuine and the relentless nature of the ongoing attacks suggests that the criminal minds behind this botnet are far from satisfied.


Malware researchers tracking the threat are privately awed by the sheer volume of spam with social engineering lures to malicious executables. “It’s nonstop, never-ending,” said a virus analyst at a major computer security firm.

The attackers have tied the spam lures to global news events, links to YouTube videos and online greeting cards. The sophisticated operation includes the use of fast-flux networks to avoid shutdowns, a rootkit component to hide from anti-virus scanners and a P2P command-and-control structure that makes it near impossible to kill the controlling server.

The Storm Worm attackers have also hacked into legitimate Web sites and used iFrame redirects to send surfers to Web servers hosting malware downloaders.

Now, according to Finjan security researcher Aviv Raff, the group has started to target tech-savvy computer users.

“Up until now, they’ve put greeting cards for holidays, and video downloads. Today they’ve changed their website and put a ‘Download Tor’ Web page,” Raff said in an interview.


The page displays a legitimate-looking download page for the Tor (The Onion Router) network anonymity proxy and a “download now” image that points to a malicious “tor.exe” file.

Raff said the malicious pages are hosting exploits from the MPack crimeware toolkit, which recently added new Internet Explorer and Yahoo Webcam exploits.

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal.


