Infrastructure // Networking
News
9/18/2007
01:50 PM

Storm Worm Botnet Attacks Anti-Spam Firms

Organizations like the Spamhaus Project and Surbl.org have been under attacks for months, but they've managed to stay online.

There's no need to warn the anti-spam researchers at the Spamhaus Project about the Storm worm authors' ability to launch massive denial-of-service attacks. They've been fending them off for several months. And they've lived -- or at least stayed online -- to tell the tale.

"It's been a pretty constant battle to stay online," Vincent Hanna, an investigator for the non-profit Spamhaus Project, told InformationWeek. "It's an arms race. They try something. We block it. They try something else. We block it. It goes on and on. Sometimes it's fine and sometimes we spend hours a day on this."

Spamhaus is one of the anti-spam organizations that have been targeted in recent months by the Storm worm authors. The malware writers have amassed a giant, international botnet of compromised computers. Estimates of its size range wildly -- from one or two million up to 50 million bots. Regardless of its specific size, though, security researchers say it's definitely large enough to wreak a lot of havoc with a company's network, a government agency, an ISP, or possibly even an entire country, if they use that illegal grid to launch a denial-of-service (DoS) attack.

Adam Swidler, a senior manager with security company Postini, said in an earlier interview he has no doubt if the Storm worm bosses focused the full power of their botnet on a targeted DoS attack, it could do a lot of damage. "I think there's no question they could damage any single company, whether through a DoS attack or a spam barrage," he added. "I'd be less worried about a Yahoo or a Bank of America than the thousands of mid-sized banks that aren't as well protected. But undoubtedly, this could do a great deal of damage."

While the protracted DoS attack on Spamhaus hasn't used the full force of the botnet's might, the attack has been long enough and strong enough to be disruptive, even if it hasn't knocked the organization offline.

Hanna said Spamhaus is used to being under fairly constant attack by cyber criminals who would like to mess with the organization that tracks the Internet's spam gangs. This attack, which he said he's traced directly to the Storm worm botnet, has been different.

Instead of pushing a huge stream of packets at their network to overwhelm their servers, the Storm botnet is flooding them with nonsensical URL requests. And this attack, which recently subsided, has been the longest attack they've ever had to repel -- lasting about two months.
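An application-layer flood of junk URLs looks different in a web server's logs from a raw packet flood: the offending sources return mostly 404s for mostly distinct, random-looking paths. The following is an added example, not code from the article or from Spamhaus, that scores per-source request patterns over constructed access-log lines; the thresholds and the log sample are illustrative.

```python
# Added example (not from the article): flag sources that flood a web server
# with requests for nonsensical, non-existent URLs, the pattern Spamhaus
# described, as opposed to a raw packet flood. Log lines below are constructed.
import re
from collections import defaultdict

# Common Log Format: client, ident, user, [time], "METHOD path proto", status, size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

SAMPLE_LOG = """\
203.0.113.7 - - [18/Sep/2007:13:50:01 +0000] "GET /zq8f1x.html HTTP/1.1" 404 512
203.0.113.7 - - [18/Sep/2007:13:50:01 +0000] "GET /k0p9w.php HTTP/1.1" 404 512
203.0.113.7 - - [18/Sep/2007:13:50:02 +0000] "GET /a7hd2 HTTP/1.1" 404 512
203.0.113.7 - - [18/Sep/2007:13:50:02 +0000] "GET /qqz/91ls HTTP/1.1" 404 512
198.51.100.2 - - [18/Sep/2007:13:50:03 +0000] "GET /sbl/ HTTP/1.1" 200 2048
198.51.100.2 - - [18/Sep/2007:13:50:05 +0000] "GET /sbl/ HTTP/1.1" 200 2048
198.51.100.9 - - [18/Sep/2007:13:50:06 +0000] "GET /faq.html HTTP/1.1" 200 4096
198.51.100.9 - - [18/Sep/2007:13:50:07 +0000] "GET /missing.html HTTP/1.1" 404 512
"""

def per_source_stats(log_text):
    """Return {ip: (requests, not_found, unique_paths)} for parsable lines."""
    stats = defaultdict(lambda: [0, 0, set()])
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash mid-incident
        ip, _method, path, status = m.groups()
        rec = stats[ip]
        rec[0] += 1
        rec[1] += int(status == "404")
        rec[2].add(path)
    return {ip: (n, nf, len(paths)) for ip, (n, nf, paths) in stats.items()}

def flag_url_flooders(log_text, min_requests=4, min_404_ratio=0.9, min_unique_ratio=0.9):
    """Flag sources whose requests are mostly 404s for mostly distinct paths.
    A legitimate client repeats a few real URLs; a junk-URL flood does neither.
    Thresholds are illustrative and should be tuned against real baselines."""
    flagged = []
    for ip, (n, nf, uniq) in per_source_stats(log_text).items():
        if n >= min_requests and nf / n >= min_404_ratio and uniq / n >= min_unique_ratio:
            flagged.append(ip)
    return sorted(flagged)

if __name__ == "__main__":
    print(flag_url_flooders(SAMPLE_LOG))  # ['203.0.113.7']
```

In practice the same scoring would run over a sliding time window so that a slow but persistent source, like the two-month campaign described here, is caught as well as a burst.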

"We manage," said Hanna. "We're still online but we have to keep a constant eye on what's happening. It's a pretty constant battle to stay online. It would be nice if we didn't have to give it this much effort and hardware and time, but we have to do it. The very fact that they DDoS us, tells us we're doing a good job."

Matt Sergeant, chief anti-spam technologist with MessageLabs, said in an interview that the Storm worm authors have been going after various anti-spam organizations for several months. And there's no sign of it slowing down.

"The volumes of data in the current DoS attacks is enormous," he added. "The [anti-spam organizations] have been dealing with a DoS attack that's been lasting months and months now."

Jeff Chan, a researcher at Surbl.org, a spam blacklist, said in an e-mail to InformationWeek that they also have been hit by Storm DoS attacks. "In terms of mitigating Storm, it's challenging at best and impossible at worst since the bad guys control many hundreds of megabits of traffic," he wrote. "There's some evidence that they may control hundreds of Gigabits of traffic, which is enough to force some countries off the Internet."

Chan also was quick to warn that this is not a botnet that should be taken lightly.

"Too many people do not understand the scope of the problems," he wrote. "Until more is done against botnets and the people who create them, everyone is potentially vulnerable, even networks with 100 plus gigabit connections."
