back to article The balkanization of Storm Worm botnets

Creators of the Storm Worm Trojan have introduced a change to their malware that could help administrators trying to fortify their ISPs and networks against the prolific pest. PCs infected by Storm in the past week or so use a 40-byte key to encrypt traffic sent through Overnet, a peer-to-peer protocol that helps individual …

COMMENTS

This topic is closed for new posts.
Thumb Up

good article

Very nicely written very concise a little disconserting of course but well written none the less.

0
0
Thumb Down

Not A Worm

Once again. It's bloody well not a worm. It's a trojan. Ever since this outbreak of sillyness started it's always been a trojan.

0
0
Boffin

Switch them off?

Can't we just switch off Asia and Eastern Europe. Let the bastards have their own internet, and leave us honest folks alone.

We lose the botnets, worms and hacked WoW accounts, they lose spam and 419s - everyone's a winner.

0
0

Switch the US off too?

Switch off Asia and Eastern Europe?

An analysis done by an associate has shown that the country with the greatest proportion of bots hosting spammer sites is the U.S. Should we switch them off too mate? See here...

http://spamtrackers.eu/wiki/index.php?title=Botnet_hosting#Botnet_Geography_Charts

BTW not everyone in Asia is a dishonest bastard (as you implied)!

0
0
Bronze badge
Thumb Down

Not a well written article

Actually sounds more like a good defensive strategy by the bad guys, and one of the main implications not touched upon by the article is that it makes it harder for other people to use those technologies for legitimate purposes. Were you thinking that encryption would add something good to a legitimate P2P service you are designing? Well, you better forget it now. However from the spammer's perspective, it puts their eggs into different baskets that are more strongly separated from each other, which may make it harder to get all of them.

I thought the article was another overly light populist approach to a complicated problem. Maybe the author does know his stuff--or maybe not. I'd have liked to see some links to heavier secondary sources that the Bleeding Edge Threats page.

0
0
Silver badge

Re:Switch the US off too?

Won't need to. In the name of Homeland Security, they'll be switching themselves off by the end of next year.

0
0
Anonymous Coward

@Andy Bright

Most inappropriate name evah!

Actually, most attacks on my servers seem to come from Belgium.

0
0
Thumb Down

I am with Shannon: poor article

Storm is a very devious, complex and well-designed malevolent toolset. For a really good insight into all aspects of the design I would refer all readers who have got here and want to understand more to go to Bruce Schneier's blog, which has its home at:

http://www.schneier.com/crypto-gram.html, look for "The Storm Worm" in the October 2007 archive page (it has 'fallen off the bottom' of the current page)

Bruce's entry refers out to a number of other articles and has attracted somehwat in excess of 100 comments.

0
0
Stop

storm rules not useful

Just a warning to those wanting to use those Snort signatures - those rules are so generic, you are going to be chasing false positives all day and night.

0
0
This topic is closed for new posts.

Forums