Darknet – Hacking Tools, Hacker News & Cyber Security


The World’s Biggest Botnets – Peer to Peer

November 19, 2007


So what’s coming next after Storm, you might ask? You might remember Storm Worm Descending on Blogspot recently, and other news about botnets spiraling out of control, accounting for almost 25% of online computers.

Well, apparently next will be P2P, or peer-to-peer, botnets, which could literally blow Storm away.

You know about the Storm Trojan, which is spread by the world’s largest botnet. But what you may not know is there’s now a new peer-to-peer based botnet emerging that could blow Storm away.

“We’re investigating a new peer-to-peer botnet that may wind up rivaling Storm in size and sophistication,” says Tripp Cox, vice president of engineering for startup Damballa, which tracks botnet command and control infrastructures. “We can’t say much more about it, but we can tell it’s distinct from Storm.”

It’s hard to imagine anything bigger and more complex than Storm, which despite its nefarious intent as a DDOS and spam tool has awed security researchers with its slick design and its ability to reinvent itself when it’s at risk of detection or getting busted. Storm changed the botnet game, security experts say, and its successors may be even more powerful and wily.

Interesting developments; I’ll certainly be watching out for this to see what happens. This next generation could open up DDoS attacks of never-before-seen proportions (I’m talking the ability to take whole countries offline).

Information warfare? Cyber terrorism? Yes, it’s getting very real.

Botnets are no longer just annoying, spam-pumping factories — they’re big business for criminals. This shift has even awakened enterprises, which historically have either looked the other way or been in denial about bots infiltrating their organizations.

“A year ago, the traditional method for bot infections was through malware. But now you’re getting compromised servers, with drive-by downloads so prevalent that people are getting infected without realizing it,” says Paul Ferguson, network architect for Trend Micro. “No one is immune.”

So watch out, and do educate people wherever you can about the dangers of malware and safe surfing. A little Firefox here, a little NoScript there, a copy of Avast and a few instructions solve most problems.

Source: Dark Reading


Filed Under: Malware Tagged With: botnets, ddos, dos, infections, malware, p2p, p2p malware, peer-to-peer, storm, trojans, worms




Comments

  1. normalsecrecy says

    November 19, 2007 at 7:27 am

    damballa is a pretty compelling company. the research done at gatech that led to the startup of this company is a good read for those so inclined. i hope they turn out to be a real solutions company and not one that always looks to apply band-aids to the latest or emerging threats/vulnerabilities.

  2. woo says

    November 19, 2007 at 7:44 am

    Thanks for the important information.
    I am very sad to hear that kind of news. :-(

  3. Goodpeople says

    November 19, 2007 at 10:15 am

    I somewhat fail to see that this is a new threat. We’ve known for years that illegal downloading of software, film and music is equal to asking for trouble.

    You simply cannot trust anything that comes from untrusted sources. What was it.. out of the first 10 iso-images of Vista that were available for download, 9 were heavily infested with all sorts of malware?

    What people do with their own computers is for them to decide. But if I catch anyone downloading stuff on a computer or network that is under my command, I’ll just kick them off the internet. After a week they can come to me in person and ask me very politely if they can have their internet privileges back.

    Been doing so for years and that’s the only way to keep most problems out.

  4. saab says

    November 19, 2007 at 3:37 pm

    thx

  5. dirty says

    November 19, 2007 at 5:11 pm

    Goodpeople, I agree with you that this is not a “new” threat, however it seems that the implications and risk have dramatically increased.

    Darknet
    Scary stuff! Thanks for the post…..

  6. Ian Kemmish says

    November 19, 2007 at 5:18 pm

    The “warfare” side of it is already a reality. In the run-up to the Russian Duma elections in December, human rights sites in Russia are being subject to effective and prolonged DDOS attacks. (If you can read Russian, sobkorr.ru is an independent news site which carries reports on these from time to time.)

  7. Nobody_Holme says

    November 19, 2007 at 7:58 pm

    Peer to peer is for idiots. Unluckily I can’t convince people I know of this, even though their computers have been owned at least twice by it. I’m waiting for the botnet software that works only when your Utorrent is downloading, and the like… Those are going to make my internet slower than dialup. If anyone writes one that gets me via the router off other people torrenting, I’m going to break some legs…

  8. Goodpeople says

    November 19, 2007 at 11:03 pm

    @Dirty,

    I agree that risk and implications have increased dramatically. But isn’t that the consequence of more and more people getting connected?

    Like I said before: Education is the only answer. But then again, that doesn’t always work.. I can hardly expect my mother in law to understand what the net is all about. But she does want to download an occasional movie. (which btw is perfectly legal in The Netherlands).

    So, from time to time I wipe her laptop clean and do a complete reinstall. I only wish that I had trashed the pre-installed version of XP and installed Mandriva on the day she bought it. That would have made my life somewhat easier.

  9. Goodpeople says

    November 19, 2007 at 11:24 pm

    btw Nobody_Holme,

    Let me know when you’re going to war. I’ll come and help you.. :-)

  10. dirty says

    November 19, 2007 at 11:32 pm

    @goodpeople and nobody_holme
    Stupid web users = job security

    but every once in a while I do believe corporal punishment should be a valid option for them, jk

  11. dirty says

    November 20, 2007 at 12:20 am

    Check out this poll on packet storm

    Human Stupidity is ranked the most factor to exploit:
    http://www2.packetstormsecurity.org/cgi-bin/cbmc/voting.cgi?votebooth=defined&label=funnestbug.31337&vtype=current

  12. Darknet says

    November 20, 2007 at 6:55 am

    I think you guys are somewhat missing the point, this IS a new threat. What we are talking about here is not an infection vector (e.g. P2P networks and software) we are talking about a new generation of worm type malware that USES P2P technology to communicate and propagate. The Botnet itself is based on P2P principles, it’s not infecting people using P2P software.

  13. Goodpeople says

    November 20, 2007 at 10:01 am

    Darknet is right. I did a little research on the topic and came across this document. Quite an interesting read.

    http://staff.science.uva.nl/~delaat/sne-2006-2007/p17/report.pdf

    Scary, but not unstoppable seems to be the conclusion.

  14. Pantagruel says

    November 20, 2007 at 12:53 pm

    The UvA article is a nice read and paints a good picture of the structure behind P2P and the problems for the near future. Eventually security buffs will find a way to plug this hole. The only questions that remain are how fast and at what cost to the average internet user.
    It seems to me that in this day and age every internet aware application should be scrutinized thoroughly for potential exploits and security holes; this of course will only limit the amount of exploits. Add in the “everything for free” attitude of the bulk of P2P users (not all P2P traffic is illegal stuff, I know, some GPLed distros are spread through P2P) and it makes the P2P client/server environment a viable platform for botnets (not to mention spreading trojans and virii)

  15. Nobody_Holme says

    November 21, 2007 at 12:44 am

    Memo to self: stop with the off-topic rants.
    Also, stupid web users are fine, as long as they don’t live with me *cries in a corner*

  16. Sir Henry says

    December 14, 2007 at 6:19 pm

    I agree, this is a rather startling development. I also agree that education is one part of the equation. The problem with the latter, however, is one that will always provide job security to dirty: people will always assume that they will not be the victim or that they will not be affected. Too many times have I heard people state, “Out of the millions of people on the internet, what are the chances of me being singled out?” An unfortunate mistake in logic where I promptly explain to them what a botnet actually is and how it could very easily single out a myriad of users. I do believe that I have scared some sense into a number of people as a result.

  17. zupakomputer says

    March 12, 2008 at 12:57 pm

    Not meaning to pre-empt anything here topic-wise, but this caught my attention the other day because it’s exactly what I was thinking after learning a bit about router configuring:

    http://blogs.zdnet.com/security/?p=919

    :all the internal security on a LAN is going to mostly be wasted, if the routers are compromised – especially if they’re compromised to the extent that they aren’t just being bypassed but are being re-configured.

    All in all, most of these problems only occur in the first place because people like to work remotely (well, who wouldn’t rather work @ home / roam around, if either-or are good places to be) and therefore require being able to log in remotely – has any major company invested in something like a network for VPN access (ie – over the internet) that isn’t directly part of the same secure inner company network; a system that say updates via manual hot-swaps at the end of the working day.
