9/18/2007
01:50 PM

Storm Worm Botnet Attacks Anti-Spam Firms

Organizations like the Spamhaus Project and Surbl.org have been under attack for months, but they've managed to stay online.

There's no need to warn the anti-spam researchers at the Spamhaus Project about the Storm worm authors' ability to launch massive denial-of-service attacks. They've been fending them off for several months. And they've lived -- or at least stayed online -- to tell the tale.

"It's been a pretty constant battle to stay online," Vincent Hanna, an investigator for the non-profit Spamhaus Project, told InformationWeek. "It's an arms race. They try something. We block it. They try something else. We block it. It goes on and on. Sometimes it's fine and sometimes we spend hours a day on this."

Spamhaus is one of the anti-spam organizations that have been targeted in recent months by the Storm worm authors. The malware writers have amassed a giant, international botnet of compromised computers. Estimates of its size range wildly -- from one or two million up to 50 million bots. Regardless of its specific size, though, security researchers say it's definitely large enough to wreak a lot of havoc on a company's network, a government agency, an ISP, or possibly even an entire country, if its operators use that illegal grid to launch a denial-of-service (DoS) attack.

Adam Swidler, a senior manager with security company Postini, said in an earlier interview that he has no doubt that if the Storm worm bosses focused the full power of their botnet on a targeted DoS attack, it could do a lot of damage. "I think there's no question they could damage any single company, whether through a DoS attack or a spam barrage," he added. "I'd be less worried about a Yahoo or a Bank of America than the thousands of mid-sized banks that aren't as well protected. But undoubtedly, this could do a great deal of damage."

While the protracted DoS attack on Spamhaus hasn't used the full force of the botnet's might, the attack has been long enough and strong enough to be disruptive, even if it hasn't knocked the organization offline.

Hanna said Spamhaus is used to being under fairly constant attack by cyber criminals who would like to mess with the organization that tracks the Internet's spam gangs. This attack, which he said he's traced directly to the Storm worm botnet, has been different.

Instead of pushing a huge stream of packets at their network to overwhelm their servers, the Storm botnet is flooding them with nonsensical URL requests. And this attack, which recently subsided, has been the longest attack they've ever had to repel -- lasting about two months.

"We manage," said Hanna. "We're still online but we have to keep a constant eye on what's happening. It's a pretty constant battle to stay online. It would be nice if we didn't have to give it this much effort and hardware and time, but we have to do it. The very fact that they DDoS us, tells us we're doing a good job."

Matt Sergeant, chief anti-spam technologist with MessageLabs, said in an interview that the Storm worm authors have been going after various anti-spam organizations for several months. And there's no sign of it slowing down.

"The volumes of data in the current DoS attacks is enormous," he added. "The [anti-spam organizations] have been dealing with a DoS attack that's been lasting months and months now."

Jeff Chan, a researcher at Surbl.org, a spam blacklist, said in an e-mail to InformationWeek that they also have been hit by Storm DoS attacks. "In terms of mitigating Storm, it's challenging at best and impossible at worst since the bad guys control many hundreds of megabits of traffic," he wrote. "There's some evidence that they may control hundreds of Gigabits of traffic, which is enough to force some countries off the Internet."

Chan also was quick to warn that this is not a botnet that should be taken lightly.

"Too many people do not understand the scope of the problems," he wrote. "Until more is done against botnets and the people who create them, everyone is potentially vulnerable, even networks with 100 plus gigabit connections."
