Difference between revisions of "Storm Botnet"

From Audacity Wiki
(two typos and assuming the intended meaning of the last sentence (please change it if it's wrong).)
(Added headings and link)
=What is Storm Botnet?=
 
"[http://en.wikipedia.org/wiki/Storm_botnet Storm Botnet]", aka "[http://en.wikipedia.org/wiki/Storm_botnet Storm Worm Botnet]", is a sophisticated distributed denial of service engine, funded and run by criminal organisations.  The linked Wikipedia page gives an excellent explanation.  There is significant money to be made from it: the engine can be used for anything from spamming, to protection rackets (DDoS attacks), to phishing, to cracking high-value encryption keys.  The botnet's services are believed to be rented out, with keys giving access to different segments of it.
 
=Why is it relevant to us?=
 
Any high profile open source organisation needs to be aware of how sophisticated modern trojan and hacking techniques have become.  Attacks may be a mixture of purely automated distribution and targeted attacks, principally against the hosts that serve the open source software.  Even for smaller organisations, basic measures such as only uploading executables that have been built on trusted machines are important.
 
These distributed botnets are interesting, perhaps more for the motivation and psychology behind them than for the actual technology, which in many cases exploits basic security flaws and design problems.  A large proportion of infections happen via 'social engineering': encouraging people to run infected executables.
 
=What should we do about it?=
 
One should not get unduly anxious about such technology.  There are organisations that fight these botnets, analysing the code and instigating countermeasures.  The fact that Wikipedia is ready to put an article on botnets on its front page as a featured article indicates that it has thought about the issues involved and has, at least for itself, adequate means to mitigate the threat.  Provided one has backups, and provided one does not keep any data of significant financial value on an internet-connected machine, the loss on being successfully 'exploited' is mostly the time spent recovering recent data and installing a clean OS.  For a Windows user such an event might be a good motivator for migrating to Linux.  Linux and Mac machines are relatively less affected: the value to criminals of designing new malware for those less popular operating systems is much lower.
 
* Consider initiating a dialogue with [http://osvdb.org/blog/ OSVDB] ??
  
 
[[Category:For Developers]]
 

Revision as of 16:46, 12 April 2008
