The Internet's Public Enemy Number One

Thomas Fuchs

A vastly powerful new supercomputer is on the loose. With more than a million CPUs and a petabyte of RAM, it completely dwarfs its next-largest competitor, IBM's BlueGene/L, which contains a paltry 128,000 processing cores and 32 terabytes of memory. And the new supercomputer is growing larger every day.

There's just one problem. This powerhouse isn't run by a university, or IBM, or a government agency. It's the Storm Worm botnet, capable of sending staggering amounts of spam and viruses around the globe, and launching devastating attacks against security researchers or anyone else who might oppose it.

A botnet (short for "robot network") is a corralled network of computers that are infected by bot malware and can be remotely controlled by a single individual. Estimates vary, but security researchers believe that the Storm Worm has anywhere between 1 and 10 million PCs unwillingly dancing to its tune.

Peter Gutmann, a computer scientist with the University of Auckland in New Zealand, notes that real supercomputers would likely outperform Storm's distributed network in traditional supercomputer benchmarking. But "where Storm leaves every conventional supercomputer in the dust is in terms of the sheer hardware resources (number of CPUs, amount of memory, and network bandwidth) at its disposal," he wrote in an e-mail.

Those network connections, likely numbering in the millions, are the most valuable resources for the crooks behind Storm. Botnet controllers, or "bot herders," sell their botnets' spam-sending or Internet attack services for a fee on the Internet underground. The more PCs and network connections a botnet has, the more spam or denial-of-service attack traffic it can send, and the more money it can make.

Who's behind the Storm Worm? No one knows for sure. Researchers at Finnish security firm F-Secure believe, for a few reasons, that the masterminds are Russian. They use a domain and host out of the notorious Russian Business Network. Inside their code, they refer to their hatred of Moscow-based security firm Kaspersky Lab. And some of their software uses the word bydloshka, which F-Secure researchers believe is a derivative of buldozhka, a Russian term of affection that translates roughly to "bulldog."

Cunning Defense

Whoever is controlling the massive botnet is managing its spread and defense with great sophistication. They frequently change the well-crafted e-mail messages that trick users into installing the virulent bot. When the alert went out about a late-summer wave of , Storm e-mail in September shifted to messages that pretended to promote Tor, a legit anonymous-surfing application. The fake Tor e-mail used text and images from the actual Tor Web site, but any recipient who followed the download link and double-clicked the resulting tor.exe file installed Storm.
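The fake Tor mailing described above is a brand-impersonation lure: the text and images come from the real site, but the download link leads to an executable hosted somewhere else. The following is an added example (not code from the article or from any project it mentions) of a mail-gateway style check that flags exactly that pattern. It assumes `torproject.org` is Tor's legitimate domain; the brand table, the executable-suffix list and the sample messages are constructed for the example.

```python
"""Screen e-mail text for Storm-style impersonation lures (added example).

Two signals are checked for every link in a message:
  (a) the link points straight at an executable file, or
  (b) the message name-drops a known brand while the link host is not
      that brand's domain.
"""
import re
from urllib.parse import urlparse

# Assumed brand -> legitimate domain mapping (not taken from the article).
KNOWN_BRANDS = {"tor": "torproject.org"}

# Constructed list of suffixes that run as programs on Windows.
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".pif", ".com", ".bat")

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def host_matches(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def screen_message(text):
    """Return a list of (url, reason) findings for suspicious links."""
    findings = []
    lowered = text.lower()
    # Brands the message mentions as whole words (so "director" is not "tor").
    claimed = [b for b in KNOWN_BRANDS if re.search(r"\b%s\b" % re.escape(b), lowered)]
    for url in URL_RE.findall(text):
        parsed = urlparse(url)
        host = parsed.hostname or ""
        path = parsed.path.lower()
        if path.endswith(EXECUTABLE_SUFFIXES):
            findings.append((url, "links directly to an executable"))
        for brand in claimed:
            legit = KNOWN_BRANDS[brand]
            if not host_matches(host, legit):
                findings.append((url, f"mentions {brand} but host {host!r} is not {legit}"))
    return findings


# Constructed sample: copies the brand's wording, but the download is off-site.
SAMPLE_LURE = """Protect your privacy online with Tor.
Download the latest Tor client here: http://203.0.113.10/tor.exe
Read more at http://www.torproject.org/about"""

if __name__ == "__main__":
    for url, reason in screen_message(SAMPLE_LURE):
        print(f"{url}: {reason}")
```

The check is deliberately narrow: it does not try to judge the copied text or images, only whether the action the mail asks for (run a downloaded program, from a host unrelated to the brand) is consistent with the brand it borrows.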

And once it has control of a PC, Storm will fight to maintain it. According to Paul Sop, CTO of Prolexic, which defends business clients against the type of Internet attacks that botnets launch, security researchers who investigate Storm-infected machines can expect swift retaliation.
