(also known as "Storm Worm Botnet") is a sophisticated (distributed denial of service) engine, funded and run by criminal organisations. There is significant money to be made from it. The engine can be used for anything from spamming, to protection rackets (DDoS attacks), to phishing, to cracking high-value encryption keys. The botnet services are believed to be rented out using keys to access different segments.
Why is it relevant to us?
Any high profile open source organisation needs to be aware of the sophistication of modern and hacking techniques. Attacks may be a mixture of purely automated distribution and targeted attacks, principally against the hosts that serve the open source software. Even for smaller organisations, basic measures, like only uploading executables that have been built on trusted machines, are important.
These distributed botnets are interesting, perhaps more for the motivation and psychology behind them than for the actual technology, which in many cases exploits basic security flaws and design problems. A large proportion of infection is via 'social engineering', encouraging people to run infected executables.
What should we do about it?
One should not get unduly anxious about such technology. There are organisations that fight these botnets, analysing the code and instigating countermeasures. In April 2008 Microsoft claimed to have significantly reduced the number of infected machines. The fact that Wikipedia is ready to put an article on botnets on their front page as a featured article indicates that they have thought about the issues involved and have, at least for themselves, adequate means to mitigate the threat. Provided one has backups and does not keep any data of significant financial value on a machine that is internet connected, the loss on being successfully 'exploited' is mostly the time spent recovering recent data and installing a clean OS. Some suggestions on how to clean up a machine infected with bots are here. For a Windows user such an event might be a good motivator for migrating to Linux. Linux and Mac machines are relatively less affected, since the value to criminals in designing new malware for those less popular operating systems is much lower.
- Consider initiating a dialog with ?