The balkanization of Storm Worm botnets

Creators of the Storm Worm Trojan have introduced a change to their malware that could help administrators trying to fortify their ISPs and networks against the prolific pest. PCs infected by Storm in the past week or so use a 40-byte key to encrypt traffic sent through Overnet, a peer-to-peer protocol that helps individual …

COMMENTS

This topic is closed for new posts.
  1. Alan Donaly
    Thumb Up

    good article

    Very nicely written, very concise, a little disconcerting of course, but well written nonetheless.

  2. GottaBeKidding
    Thumb Down

    Not A Worm

    Once again. It's bloody well not a worm. It's a trojan. Ever since this outbreak of silliness started it's always been a trojan.

  3. Andy Bright
    Boffin

    Switch them off?

    Can't we just switch off Asia and Eastern Europe. Let the bastards have their own internet, and leave us honest folks alone.

    We lose the botnets, worms and hacked WoW accounts, they lose spam and 419s - everyone's a winner.

  4. Karl Rasmusson

    Switch the US off too?

    Switch off Asia and Eastern Europe?

    An analysis done by an associate has shown that the country with the greatest proportion of bots hosting spammer sites is the U.S. Should we switch them off too mate? See here...

    http://spamtrackers.eu/wiki/index.php?title=Botnet_hosting#Botnet_Geography_Charts

    BTW not everyone in Asia is a dishonest bastard (as you implied)!

  5. Shannon Jacobs
    Thumb Down

    Not a well written article

    Actually sounds more like a good defensive strategy by the bad guys, and one of the main implications not touched upon by the article is that it makes it harder for other people to use those technologies for legitimate purposes. Were you thinking that encryption would add something good to a legitimate P2P service you are designing? Well, you better forget it now. However from the spammer's perspective, it puts their eggs into different baskets that are more strongly separated from each other, which may make it harder to get all of them.

    I thought the article was another overly light populist approach to a complicated problem. Maybe the author does know his stuff--or maybe not. I'd have liked to see some links to heavier secondary sources than the Bleeding Edge Threats page.

  6. Pascal Monett Silver badge

    Re: Switch the US off too?

    Won't need to. In the name of Homeland Security, they'll be switching themselves off by the end of next year.

  7. Anonymous Coward
    Anonymous Coward

    @Andy Bright

    Most inappropriate name evah!

    Actually, most attacks on my servers seem to come from Belgium.

  8. Dave
    Thumb Down

    I am with Shannon: poor article

    Storm is a very devious, complex and well-designed malevolent toolset. For a really good insight into all aspects of the design I would refer all readers who have got here and want to understand more to go to Bruce Schneier's blog, which has its home at:

    http://www.schneier.com/crypto-gram.html, look for "The Storm Worm" in the October 2007 archive page (it has 'fallen off the bottom' of the current page)

    Bruce's entry refers out to a number of other articles and has attracted somewhat in excess of 100 comments.

  9. Anonymous Coward
    Stop

    storm rules not useful

    Just a warning to those wanting to use those Snort signatures - those rules are so generic, you are going to be chasing false positives all day and night.
