Sla.ckers.org
How robots and spiders are causing issues, how to stop them. We can also talk about Completely Automated Public Turing Test To Tell Computers And Humans Apart - their use, their compliance issues, porn proxies, PWNtcha and other ways to defeat them. 
Storm Botnet?
Posted by: citizen535400
Date: September 09, 2007 08:58PM

Hi,

I'm very new to this site, and to web security in general. The thing that's really making me curious about this is the storm botnet... It's getting a lot of coverage and baffles me. I read a bit about it on Slashdot, F-Secure, and Wikipedia, but was wondering if there's any detailed information / research / whatever about this that is available? Any help would be appreciated.

Thx.

Re: Storm Botnet?
Posted by: Spyware
Date: September 10, 2007 04:37AM

What do you want to know? How it was created, how it was spread, what is being done with the botnet?

If you just want information, just google and click away. Most big techy sites have a news post on the botnet, but I think there's no new information in those posts, it's all copied. Take a look at the notes & external links on Wikipedia: http://en.wikipedia.org/wiki/Storm_Worm#External_links

Re: Storm Botnet?
Date: September 10, 2007 02:52PM

http://www.itnews.com.au/News/60752,storm-worm-botnet-more-powerful-than-top-supercomputers.aspx
That's some scary shit

Re: Storm Botnet?
Posted by: id
Date: September 10, 2007 04:25PM

blame the ISPs and companies with poor security.

how many have egress filtering for port 25? Most spam could be stopped in its current state by a little responsibility.

-id

Re: Storm Botnet?
Posted by: Anonymous User
Date: September 10, 2007 07:26PM

...And denying all executables as a de facto standard, who sends executables these days, block 'em!

Re: Storm Botnet?
Posted by: id
Date: September 11, 2007 12:46PM

Denying executables isn't the solution, they will just send it in a zip, or what if the exploit is JavaScript exploiting the mail program's HTML engine? Also it isn't the ISP's job to block a trojan like that anyway unless you ask them for that service (though maybe that should be an opt-out type service at most ISPs).

If all ISPs blocked their IP space from connecting to other mail servers besides their own (or specifically requested ones such as your work's), it would go a long way towards slowing spam.

-id

Re: Storm Botnet?
Posted by: id
Date: September 11, 2007 12:55PM

Another thing, which kind of defeats part of my egress post... A lot of the mail I am getting right now is from legitimate mail servers, but it is from Storm Bot. I'm not sure exactly what it is doing, but it seems to be using the correct mail forwarder for the network it is on (e.g., a cox.net customer is infected, it uses mx.west.cox.net to forward the spam). At that point it is the ISP's responsibility to not forward those messages.

-id

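The two posts above describe port-25 egress filtering and its limit when an infected customer sends through the ISP's own relay. As an added example (not part of the thread), this Python check applies that policy to constructed flow records: direct SMTP to anything but the ISP relay or a requested exception is blocked, and relay use is counted per customer. The address ranges, relay address, exception list, record format and per-customer limit are all assumptions.

```python
import ipaddress
from collections import Counter

# All values below are constructed for illustration, not taken from the thread.
CUSTOMER_NET = ipaddress.ip_network("10.20.0.0/16")     # ISP customer address space
ISP_RELAYS = {ipaddress.ip_address("192.0.2.25")}       # the ISP's own outbound relay
# Per-customer exceptions requested explicitly (e.g. a work mail server).
EXCEPTIONS = {("10.20.3.7", "198.51.100.10")}
RELAY_LIMIT = 100   # hypothetical max relay connections per customer per window

def classify(src: str, dst: str, dport: int) -> str:
    """Return the egress verdict for one outbound connection."""
    if dport != 25 or ipaddress.ip_address(src) not in CUSTOMER_NET:
        return "ignore"                     # not customer SMTP traffic
    if ipaddress.ip_address(dst) in ISP_RELAYS:
        return "relay"                      # allowed, but counted per customer
    if (src, dst) in EXCEPTIONS:
        return "allow"
    return "block"                          # direct-to-MX from customer space

def analyze(flows):
    """Return (blocked direct-SMTP counts, customers over the relay limit)."""
    blocked, relayed = Counter(), Counter()
    for line in flows:
        src, dst, dport = line.split()
        verdict = classify(src, dst, int(dport))
        if verdict == "block":
            blocked[src] += 1
        elif verdict == "relay":
            relayed[src] += 1
    noisy = {h: n for h, n in relayed.items() if n > RELAY_LIMIT}
    return dict(blocked), noisy

# Constructed one-window flow sample: "src dst dport" per connection.
SAMPLE = (
    ["10.20.1.5 203.0.113.9 25"] * 3        # direct to a remote MX
    + ["10.20.3.7 198.51.100.10 25"]        # requested exception
    + ["10.20.1.5 192.0.2.25 25"] * 4       # ordinary relay use
    + ["10.20.8.8 192.0.2.25 25"] * 250     # relay flood from one customer
    + ["10.20.8.8 203.0.113.80 443"]        # not SMTP
)

if __name__ == "__main__":
    blocked, noisy = analyze(SAMPLE)
    print("blocked direct SMTP:", blocked)
    print("over relay limit:", noisy)
```

The blocked counts double as an infection signal for the abuse desk, and the relay counter covers the case where the egress filter alone no longer helps.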
Re: Storm Botnet?
Posted by: al_pha
Date: October 10, 2007 11:47AM

Here's a great write up on this:

http://www.cyber-ta.org/pubs/StormWorm/report/

Re: Storm Botnet?
Posted by: id
Date: October 10, 2007 05:50PM

Nice write up, I'll finish it tonight.

-id
