Thursday, April 24, 2008

Overestimating Storm:
Computer security researchers had an "oops!" moment recently when they realized that their monitoring and investigative tools had led to overestimating the size of the Storm botnet.

...But it turned out that Storm was only about a tenth of its estimated size. That is, 200,000-400,000 zombie PCs. Still pretty formidable. There are other botherds out there with 400,000 or more PCs, and they all are built in a similar fashion to Storm. That's the scary part. Yes, Storm was not as big as originally believed, but then it turns out that there are a dozen or more Storms in the wild.

...Criminal gangs are increasingly active in producing things like Storm, and, in the case of China, so are government Cyber War operations. Russia is also believed to rely on criminal hackers for help in carrying out Cyber War tasks, usually espionage. Meanwhile, it's clear what Storm is up to. It has been launching attacks at web sites involved in stopping or investigating Storm. This involves transmitting huge quantities of bogus messages that shut down targeted web sites (this is a DDoS, or distributed denial of service, attack). The Storm botherders are also advertising their botnet as available for the usual illegal activities (various types of spam).

Early on, it was believed that Storm was owned by a Russian criminal syndicate, but once more detailed proof was available, the Russian government refused to cooperate, treating Storm like some kind of secret military resource. And to the Russians, that's apparently what Storm is. Meanwhile, the investigation indicates that the Storm crew have some American members, and now the search is on for them, or any other non-Russians who worked on Storm and are not inside Russia.