DoS Attack Feared As Storm Worm Siege Escalates - InformationWeek

DoS Attack Feared As Storm Worm Siege Escalates

The massive Storm worm attack has built a botnet of 1.7 million computers -- large enough to unleash a highly damaging denial-of-service attack, researchers fear.

As the Storm worm grows into a prolonged online siege 10 times larger than any other e-mail attack in the last two years -- amassing a botnet of nearly 2 million computers -- researchers worry about the damage hackers could wreak if they unleash a denial-of-service attack with it.

Between July 16 and Aug. 1, researchers at software security firm Postini recorded 415 million spam e-mails luring users to malicious Web sites, according to Adam Swidler, a senior manager with Postini. Before the Storm worm began its attack, an average day saw about 1 million virus-laden e-mails crossing the Internet. On July 19, Postini recorded 48.6 million, and on July 24, researchers tracked 46.2 million malicious messages -- more than 99% of them from the Storm worm.

Researchers at SecureWorks are seeing similarly staggering numbers.

Joe Stewart, a senior security researcher at SecureWorks, noted that the number of zombie computers that the Storm worm authors have amassed has skyrocketed in the past month. From the first of January to the end of May, the security company noted that there were 2,815 bots launching the attacks. By the end of July, that number had leapt to 1.7 million.

"It's really gotten enormous," said Stewart. "It's been building with exponential growth. It's one of the largest botnets I've ever heard of."

And both Stewart and Swidler said they think the Storm worm authors are cultivating such an enormous botnet to do more than send out increasing amounts of spam. All of the bots are set up to launch denial-of-service (DoS) attacks, and that's exactly what the researchers are anticipating. Denial-of-service attacks are designed to pound a target computer with countless requests that overwhelm its ability to respond, effectively taking the machine down.

"When a computer is added to a botnet, it becomes a platform for issuing further attacks," said Swidler. "I shudder to think should they turn this botnet on an organization... It's harnessing the benefits of the grid computing architecture for evil purposes."

Stewart added that the botnet has been launching small DoS attacks, but only a small percentage of the botnet has been used for it and the attacks have only been directed at seemingly random IP addresses or small organizations. A large directed attack could be much different.

"At any time, the botnet could launch a massive attack at anyone. We're wondering if it's being geared up for some sort of large-scale attack," said Stewart. "Who couldn't they take offline with all the computers in this botnet? ... They could take a small country out."

This past May, Estonia, a country in Eastern Europe, was hammered with a DoS attack from a botnet. Swidler said he believes there's a good chance that the Storm worm authors were behind the Estonia attacks.

SecureWorks is warning IT managers and home users that they need to be aware of the scams connected to the Storm worm, which include e-mails with links leading to fake e-cards and news stories highlighting catastrophic events.

"Storm relies on social engineering as its best ally, so it is really important that computer users keep their guard up and be suspicious of any unsolicited email containing an attachment or a link," said Stewart. "Even if it mentions something you are familiar with or promises some sort of critical data, always check with the sender to see what it is and why they sent it."

He also warns that users and IT managers can protect their systems by blocking peer-to-peer networking. When the malware runs, it tries to link up with other infected hosts via P2P networks. Stewart noted that if that function is blocked, then the user's computer cannot become a part of the botnet.
