Difference between revisions of "Storm Botnet"

From Audacity Wiki
(Added headings and link)
(may as well make an Intro and add some more Wiki links (and make article headers <H2> instead of <H1> - only H1 header should be the page title))
Line 1: Line 1:
=What is Storm Botnet?=
+
{{Intro|1={{external|[http://en.wikipedia.org/wiki/Storm_botnet Storm Botnet]}} (also known as "Storm Worm Botnet") is a sophisticated {{external|[http://en.wikipedia.org/wiki/Denial-of-service_attack DDoS]}} (distributed denial of service) engine, funded and run by criminal organisations. There is significant money to be made from it.  The engine can be used for anything from spamming, to protection rackets (DDoS attacks), to phishing, to cracking high-value encryption keys.  The botnet services are believed to be rented out using keys to access different segments.|2=}}
"[http://en.wikipedia.org/wiki/Storm_botnet Storm Botnet]" aka "[http://en.wikipedia.org/wiki/Storm_botnet Storm Worm Botnet]" is a sophisticated distributed denial of service engine, funded and run by criminal organisations. The above  Wikipedia page about it gives an excellent explanation.  There is significant money to be made from it.  The engine can be used for anything from spamming, to protection rackets (DDOS attacks), to phishing, to cracking high-value encryption keys.  The botnet services are believed to be rented out using keys to access different segments.
 
  
=Why is it relevant to us?=
+
 
Any high profile open source organisation needs to be aware of the sophistication of modern trojan/hacking techniques.  Attacks may be a mixture of purely automated distribution and targeted attacks, principally against the hosts that serve the open source software.  Even for smaller organisations, basic measures like only uploading executables that have been built on trusted machines, are important.
+
==Why is it relevant to us?==
 +
Any high profile open source organisation needs to be aware of the sophistication of modern {{external|[http://en.wikipedia.org/wiki/Trojan_horse_%28computing%29 Trojan]}} and hacking techniques.  Attacks may be a mixture of purely automated distribution and targeted attacks, principally against the hosts that serve the open source software.  Even for smaller organisations, basic measures like only uploading executables that have been built on trusted machines, are important.
  
 
These distributed botnets are interesting - perhaps more for the motivation and psychology behind them than for the actual technology, which in many cases exploits basic security flaws and design problems.  A large proportion of infection is via 'social engineering', encouraging people to run infected exes.   
 
These distributed botnets are interesting - perhaps more for the motivation and psychology behind them than for the actual technology, which in many cases exploits basic security flaws and design problems.  A large proportion of infection is via 'social engineering', encouraging people to run infected exes.   
  
=What should we do about it?=
+
==What should we do about it?==
 
One should not get unduly anxious about such technology.  There are organisations that fight these botnets, analysing the code and instigating countermeasures.  The fact that Wikipedia is ready to put an article on botnets on their front page as a featured article indicates that they have thought about the issues involved and have, at least for themselves, adequate means to mitigate the threat.  Providing one has backups and provided one does not keep any data of significant financial value on a machine that is internet connected, the loss on being successfully 'exploited' is mostly that of the time of recovering recent data and installing a clean OS.  For a Windows user such an event might be a good motivator for migrating to Linux.  Linux and Mac machines are relatively less affected.  The value to criminals in designing new malware for those less popular operating systems is much lower.
 
One should not get unduly anxious about such technology.  There are organisations that fight these botnets, analysing the code and instigating countermeasures.  The fact that Wikipedia is ready to put an article on botnets on their front page as a featured article indicates that they have thought about the issues involved and have, at least for themselves, adequate means to mitigate the threat.  Providing one has backups and provided one does not keep any data of significant financial value on a machine that is internet connected, the loss on being successfully 'exploited' is mostly that of the time of recovering recent data and installing a clean OS.  For a Windows user such an event might be a good motivator for migrating to Linux.  Linux and Mac machines are relatively less affected.  The value to criminals in designing new malware for those less popular operating systems is much lower.
  
* Consider initiating a dialogue with [http://osvdb.org/blog/ OSVDB] ??
+
'''Ideas:'''
 +
 
 +
* Consider initiating a dialogue with {{external|[http://osvdb.org/blog/ OSVDB]}} ?
  
 
[[Category:For Developers]]
 
[[Category:For Developers]]
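Review bot: the new `{{Intro|1=...|2=}}` call on the revised first line leaves its second parameter empty; if the template renders that argument, the page will show an empty slot, so either drop `|2=` or give it the intended text. The revision also drops the old sentence "The above Wikipedia page about it gives an excellent explanation", which was the only pointer telling readers to follow the link, and it introduces `'''Ideas:'''` as a bold pseudo-heading where the rest of the revision switched to `==` H2 headings; a `==Ideas==` heading would match the edit summary's stated aim.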

Revision as of 18:28, 12 April 2008

Storm Botnet  (also known as "Storm Worm Botnet") is a sophisticated DDoS  (distributed denial of service) engine, funded and run by criminal organisations. There is significant money to be made from it. The engine can be used for anything from spamming, to protection rackets (DDoS attacks), to phishing, to cracking high-value encryption keys. The botnet services are believed to be rented out using keys to access different segments.


Why is it relevant to us?

Any high profile open source organisation needs to be aware of the sophistication of modern Trojan and hacking techniques. Attacks may be a mixture of purely automated distribution and targeted attacks, principally against the hosts that serve the open source software. Even for smaller organisations, basic measures like only uploading executables that have been built on trusted machines are important.
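One concrete form of the "only upload executables built on trusted machines" measure, as an added example that is not Audacity's own release tooling: the trusted build host writes a SHA-256 manifest (in `sha256sum` layout), and the uploader rejects any artifact that is missing from it or whose digest has changed since the build. File names and bytes in `demo()` are constructed samples, not real installers.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:                      # stream: installers can be large
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(paths):
    """Run on the trusted build machine: basename -> SHA-256 of each artifact."""
    return {Path(p).name: sha256_of_file(p) for p in paths}

def write_manifest(manifest, path):
    # Same two-space layout as `sha256sum`, so `sha256sum -c` can check it too.
    lines = [f"{manifest[n]}  {n}" for n in sorted(manifest)]
    Path(path).write_text("\n".join(lines) + "\n")

def read_manifest(path):
    manifest = {}
    for line in Path(path).read_text().splitlines():
        digest, name = line.split("  ", 1)
        manifest[name] = digest
    return manifest

def check_upload(manifest, paths):
    """Run before upload: (name, reason) pairs to reject; an empty list means all clear."""
    rejects = []
    for p in paths:
        name = Path(p).name
        expected = manifest.get(name)
        if expected is None:
            rejects.append((name, "not in manifest: not produced by the trusted build"))
        elif sha256_of_file(p) != expected:
            rejects.append((name, "digest mismatch: modified after the trusted build"))
    return rejects

def demo():
    """Constructed scenario (sample bytes, not real installers): one tampered, one unlisted."""
    with tempfile.TemporaryDirectory() as d:
        good = Path(d, "audacity-setup.exe")
        good.write_bytes(b"MZ constructed sample installer")
        manifest_path = Path(d, "SHA256SUMS")
        write_manifest(build_manifest([good]), manifest_path)
        good.write_bytes(good.read_bytes() + b"\x00extra")   # modified after the build
        rogue = Path(d, "extra-plugin.exe")                   # never built on the trusted host
        rogue.write_bytes(b"MZ unlisted binary")
        return check_upload(read_manifest(manifest_path), [good, rogue])
```

The manifest itself must travel out-of-band from the artifacts (or be signed), otherwise an attacker who can replace the executable on the host can replace the digest list with it.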

These distributed botnets are interesting - perhaps more for the motivation and psychology behind them than for the actual technology, which in many cases exploits basic security flaws and design problems. A large proportion of infection is via 'social engineering', encouraging people to run infected exes.

What should we do about it?

One should not get unduly anxious about such technology. There are organisations that fight these botnets, analysing the code and instigating countermeasures. The fact that Wikipedia is ready to put an article on botnets on their front page as a featured article indicates that they have thought about the issues involved and have, at least for themselves, adequate means to mitigate the threat. Provided one has backups and does not keep any data of significant financial value on a machine that is internet connected, the loss on being successfully 'exploited' is mostly that of the time spent recovering recent data and installing a clean OS. For a Windows user such an event might be a good motivator for migrating to Linux. Linux and Mac machines are less affected: the value to criminals in designing new malware for those less popular operating systems is much lower.

Ideas:

• Consider initiating a dialogue with OSVDB?