|
General
|
|
Written by Daniel
|
|
Tuesday, 30 October 2007 09:15 |
|
Massive botnet can launch denial-of-service attacks on those who threaten it OCTOBER 29, 2007 | 4:10 PM
By Tim Wilson
Site Editor, Dark Reading
A warning to those who might try to stop the Storm worm: Be prepared for a counterattack.
Researchers say they have heard of several instances in which Storm -- the infamous botnet created by a widespread worm/Trojan distributed across the Internet -- has successfully launched reprisals against those who try to break it.
"This is the first time that I can remember ever seeing researchers who were actually afraid of an investigating an exploit," said Josh Corman, principal security strategist at IBM's Internet Security Systems unit, in an interview last week at Interop New York.
"The bad news about Storm is that it fights back," said Shane Coursen, senior technical consultant at Kaspersky Lab, during a session at the conference. "There have been cases in which a researcher was discovered, and within five seconds, he had a DDOS attack from 10,000 bots."
It's not clear whether Storm's reprisals are automated or manual, says Joe Stewart, a researcher at SecureWorks who has been studying Storm since it first emerged at the beginning of this year. "They could be triggered by behavior that's typical of a researcher, or they could be the result of someone studying logs and launching an attack in response," he says.
Storm can collect IP addresses of end users via HTTP and analyze them, Stewart notes. Researchers can use proxies, but if they are discovered, a DDOS counterattack might target the proxy, and innocent users might get hurt, he says... More Comment in the Forum |
