9/18/2007
01:50 PM

Storm Worm Botnet Attacks Anti-Spam Firms

Organizations like the Spamhaus Project and Surbl.org have been under attack for months, but they've managed to stay online.

There's no need to warn the anti-spam researchers at the Spamhaus Project about the Storm worm authors' ability to launch massive denial-of-service attacks. They've been fending them off for several months. And they've lived -- or at least stayed online -- to tell the tale.

"It's been a pretty constant battle to stay online," Vincent Hanna, an investigator for the non-profit Spamhaus Project, told InformationWeek. "It's an arms race. They try something. We block it. They try something else. We block it. It goes on and on. Sometimes it's fine and sometimes we spend hours a day on this."

Spamhaus is one of the anti-spam organizations that have been targeted in recent months by the Storm worm authors. The malware writers have amassed a giant, international botnet of compromised computers. Estimates of its size range wildly -- from one or two million up to 50 million bots. Regardless of its specific size, though, security researchers say it's definitely large enough to wreak a lot of havoc with a company's network, a government agency, an ISP, or possibly even an entire country, if they use that illegal grid to launch a denial-of-service (DoS) attack.

Adam Swidler, a senior manager with security company Postini, said in an earlier interview that he has no doubt that if the Storm worm bosses focused the full power of their botnet on a targeted DoS attack, it could do a lot of damage. "I think there's no question they could damage any single company, whether through a DoS attack or a spam barrage," he added. "I'd be less worried about a Yahoo or a Bank of America than the thousands of mid-sized banks that aren't as well protected. But undoubtedly, this could do a great deal of damage."

While the protracted DoS attack on Spamhaus hasn't used the full force of the botnet's might, the attack has been long enough and strong enough to be disruptive, even if it hasn't knocked the organization offline.

Hanna said Spamhaus is used to being under fairly constant attack by cyber criminals who would like to mess with the organization that tracks the Internet's spam gangs. This attack, which he said he's traced directly to the Storm worm botnet, has been different.

Instead of pushing a huge stream of packets at their network to overwhelm their servers, the Storm botnet is flooding them with nonsensical URL requests. And this attack, which recently subsided, has been the longest attack they've ever had to repel -- lasting about two months.

"We manage," said Hanna. "We're still online but we have to keep a constant eye on what's happening. It's a pretty constant battle to stay online. It would be nice if we didn't have to give it this much effort and hardware and time, but we have to do it. The very fact that they DDoS us, tells us we're doing a good job."

Matt Sergeant, chief anti-spam technologist with MessageLabs, said in an interview that the Storm worm authors have been going after various anti-spam organizations for several months. And there's no sign of it slowing down.

"The volumes of data in the current DoS attacks is enormous," he added. "The [anti-spam organizations] have been dealing with a DoS attack that's been lasting months and months now."

Jeff Chan, a researcher at Surbl.org, a spam blacklist, said in an e-mail to InformationWeek that they also have been hit by Storm DoS attacks. "In terms of mitigating Storm, it's challenging at best and impossible at worst since the bad guys control many hundreds of megabits of traffic," he wrote. "There's some evidence that they may control hundreds of Gigabits of traffic, which is enough to force some countries off the Internet."

Chan also was quick to warn that this is not a botnet that should be taken lightly.

"Too many people do not understand the scope of the problems," he wrote. "Until more is done against botnets and the people who create them, everyone is potentially vulnerable, even networks with 100 plus gigabit connections."
