Bitchkoma
06-02-2008, 03:35 PM
http://en.wikipedia.org/wiki/Storm_botnet
I'm awed and impressed by this.
Here's an excerpt:

The Storm botnet and its variants employ a variety of attack vectors, and an equally wide variety of defensive steps exist as well. The Storm botnet was observed to be defending itself, and attacking computer systems that scanned for Storm virus-infected computer systems online.[29] The botnet will defend itself with DDoS counter-attacks, to maintain its own internal integrity.[12] At certain points in time, the Storm worm used to spread the botnet has attempted to release hundreds or thousands of versions of itself onto the Internet, in a concentrated attempt to overwhelm the defenses of anti-virus and malware security firms.[30] According to Joshua Corman, an IBM security researcher, "This is the first time that I can remember ever seeing researchers who were actually afraid of investigating an exploit."[31] Researchers are still unsure if the botnet's defenses and counter-attacks are a form of automation, or manually executed by the system's operators.[31] "If you try to attach a debugger, or query sites it's reporting into, it knows and punishes you instantaneously. [Over at] SecureWorks, a chunk of it DDoS-ed [directed a distributed-denial-of-service attack] a researcher off the network. Every time I hear of an investigator trying to investigate, they're automatically punished. It knows it's being investigated, and it punishes them. It fights back," Corman said.[32]
And they've got good reason to fear this botnet:

Back-end servers that control the spread of the botnet and Storm worm automatically re-encode their distributed infection software twice an hour, for new transmissions, making it difficult for anti-virus vendors to stop the virus and infection spread. Additionally, the location of the remote servers which control the botnet is hidden behind a constantly changing DNS technique called 'fast flux', making it difficult to find and stop virus hosting sites and mail servers. In short, the name and location of such machines are frequently changed and rotated, often on a minute-by-minute basis.[20] The Storm botnet's operators control the system via peer-to-peer techniques, making external monitoring and disabling of the system more difficult.[21][22] There is no central "command-and-control point" in the Storm botnet that can be shut down.[23] The botnet also makes use of encrypted traffic.[24]
It's like guerrilla tactics. And check this out:

According to Matt Sergeant, chief anti-spam technologist at MessageLabs, "In terms of power, [the botnet] utterly blows the supercomputers away. If you add up all 500 of the top supercomputers, it blows them all away with just 2 million of its machines. It's very frightening that criminals have access to that much computing power, but there's not much we can do about it."[17] It is estimated that only 10%-20% of the total capacity and power of the Storm botnet is currently being used.[27]
Behold the power of distributed computing.
And then a scary thought crossed my mind. What if they figure out how to infect and control GPU processing power as well? (See this Wired article (http://www.wired.com/gadgets/displays/news/2008/06/gpu) for details) That's like distributed parallel computing!
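Fast flux, as the quoted excerpt describes it, shows up to a defender as one hostname resolving to many unrelated IPs with very short TTLs. As an added example (not from this thread or the Wikipedia article it quotes), here is a small heuristic that scores passive-DNS style observations for that pattern; the record format, sample IPs and thresholds are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address

@dataclass
class DnsAnswer:
    ts: int     # seconds since epoch when the answer was seen (constructed)
    name: str   # queried hostname
    ip: str     # A record returned
    ttl: int    # TTL on the answer, in seconds

# Constructed sample: one name that hops across eight hosts in three
# different /16s with 60-second TTLs, and one ordinary name that is stable.
OBSERVATIONS = [
    DnsAnswer(1000 + 60 * i, "flux.example", ip, 60)
    for i, ip in enumerate([
        "198.51.100.7", "203.0.113.42", "192.0.2.19", "198.51.100.88",
        "203.0.113.9", "192.0.2.133", "198.51.100.201", "203.0.113.150",
    ])
] + [DnsAnswer(1000 + 3600 * i, "www.example", "192.0.2.1", 86400)
     for i in range(8)]

def score_fastflux(answers, max_ttl=300, min_ips=5, min_prefixes=3):
    """Group answers by hostname and flag names whose answers look fluxed.

    Thresholds are assumed. A real pipeline would add ASN/geo lookups and
    a CDN allowlist: CDNs also rotate IPs, but with larger TTLs and within
    a small number of networks.
    """
    by_name = defaultdict(list)
    for a in answers:
        by_name[a.name].append(a)
    result = {}
    for name, recs in by_name.items():
        recs.sort(key=lambda r: r.ts)
        ips = {r.ip for r in recs}
        # /16 prefix is a crude stand-in for "distinct networks"
        prefixes = {int(ip_address(ip)) >> 16 for ip in ips}
        avg_ttl = sum(r.ttl for r in recs) / len(recs)
        # churn: share of consecutive observations where the answer changed
        changes = sum(1 for x, y in zip(recs, recs[1:]) if x.ip != y.ip)
        churn = changes / max(len(recs) - 1, 1)
        result[name] = {
            "distinct_ips": len(ips), "distinct_prefixes": len(prefixes),
            "avg_ttl": avg_ttl, "churn": churn,
            "suspect": (len(ips) >= min_ips and len(prefixes) >= min_prefixes
                        and avg_ttl <= max_ttl),
        }
    return result
```

Run it against real passive-DNS data by replacing OBSERVATIONS with your own records; the `churn` value separates a name that merely has many A records from one that actually rotates them between lookups.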