Forum latest

Researchers Fear Reprisals From Storm
General
Written by Daniel   
Tuesday, 30 October 2007 09:15

Massive botnet can launch denial-of-service attacks on those who threaten it

OCTOBER 29, 2007 | 4:10 PM
By Tim Wilson
Site Editor, Dark Reading

A warning to those who might try to stop the Storm worm: Be prepared for a counterattack.
Researchers say they have heard of several instances in which Storm -- the infamous botnet created by a widespread worm/Trojan distributed across the Internet -- has successfully launched reprisals against those who try to break it.



"This is the first time that I can remember ever seeing researchers who were actually afraid of an investigating an exploit," said Josh Corman, principal security strategist at IBM's Internet Security Systems unit, in an interview last week at Interop New York.

"The bad news about Storm is that it fights back," said Shane Coursen, senior technical consultant at Kaspersky Lab, during a session at the conference. "There have been cases in which a researcher was discovered, and within five seconds, he had a DDOS attack from 10,000 bots."

It's not clear whether Storm's reprisals are automated or manual, says Joe Stewart, a researcher at SecureWorks who has been studying Storm since it first emerged at the beginning of this year. "They could be triggered by behavior that's typical of a researcher, or they could be the result of someone studying logs and launching an attack in response," he says.

Storm can collect IP addresses of end users via HTTP and analyze them, Stewart notes. Researchers can use proxies, but if they are discovered, a DDOS counterattack might target the proxy, and innocent users might get hurt, he says... More      Comment in the Forum
 

See also

None found.


Hardware | Windows | Linux | Security | Mobile Devices | Gaming
Tech Business | Editorial | General News | folding@home

Forum | Download Files

Copyright ©2001 - 2012, AOA Forums.  All rights reserved.

Alliance of Overclocking Arts

Links monetized by VigLink

Don't Click Here Don't Click Here Either