Difference between revisions of "Storm Botnet"
(Added headings and link)
Galeandrews (may as well make an Intro and add some more Wiki links (and make article headers <H2> instead of <H1> - only H1 header should be the page title))
Revision as of 18:28, 12 April 2008
Storm Botnet (also known as "Storm Worm Botnet") is a sophisticated DDoS (distributed denial of service) engine, funded and run by criminal organisations. There is significant money to be made from it. The engine can be used for anything from spamming, to protection rackets (DDoS attacks), to phishing, to cracking high-value encryption keys. The botnet services are believed to be rented out using keys to access different segments.
Why is it relevant to us?
Any high profile open source organisation needs to be aware of the sophistication of modern Trojan and hacking techniques. Attacks may be a mixture of purely automated distribution and targeted attacks, principally against the hosts that serve the open source software. Even for smaller organisations, basic measures such as only uploading executables that have been built on trusted machines are important.
These distributed botnets are interesting - perhaps more for the motivation and psychology behind them than for the actual technology, which in many cases exploits basic security flaws and design problems. A large proportion of infection is via 'social engineering', encouraging people to run infected exes.
What should we do about it?
One should not get unduly anxious about such technology. There are organisations that fight these botnets, analysing the code and instigating countermeasures. The fact that Wikipedia is ready to put an article on botnets on their front page as a featured article indicates that they have thought about the issues involved and have, at least for themselves, adequate means to mitigate the threat. Provided one has backups and does not keep any data of significant financial value on a machine that is internet connected, the loss on being successfully 'exploited' is mostly the time spent recovering recent data and installing a clean OS. For a Windows user such an event might be a good motivator for migrating to Linux. Linux and Mac machines are relatively less affected: the value to criminals in designing new malware for those less popular operating systems is much lower.
Ideas:
- Consider initiating a dialogue with OSVDB?