Storm Botnet Behind Canadian DoS Attack - InformationWeek


A researcher at the Internet Storm Center said the widespread but unfocused attack could have been a test of the might of a botnet more than 1.7 million zombies strong.

Researchers are blaming the virulent Storm worm for a widespread denial-of-service attack that hit Canadian Web sites over the weekend.

The attack may have been unfocused and unsuccessful, but it could have been an early test of the denial-of-service power that the Storm worm botnet now holds.

Johannes Ullrich, chief research officer at the SANS Institute and CTO for the Internet Storm Center, said in an interview that while sites in Canada were "pounded" over the weekend, he doesn't think it was a targeted denial-of-service attack. The attacks weren't aimed at any particular Web sites. It was just spread across a wide swath of the Internet.

"The DoS part was basically an unintentional side effect," said Ullrich. "It was a whole lot of spam -- enough to make the servers slow down. Once [that much spam] is set loose, it's hard to tell what's going to happen."

This weekend's attack veered off the norm.

The Storm worm has been buffeting the Internet for the past several months, sending out historic levels of spam e-mail. Much of it has been in the form of phony electronic greeting cards, luring unsuspecting users to malicious Web sites where their machines are infected with malware that turns them into bots. The individual zombie machines are then added to the massive botnet that the Storm worm authors have been putting together.

This latest attack, though, didn't use the e-card ruse. The e-mails in the attack also didn't carry any malware and didn't link to or point users to any malicious Web sites. The limited amount of text in the e-mails was little more than gibberish, according to Ullrich.

"They may have been trying something but it didn't work," said Ullrich. "Sure. It definitely could be a test [of a DoS attack]. That's what you'd expect. They generally try a test-run first."

Earlier this month, researchers at SecureWorks reported that the Storm authors had a botnet about 2,815 strong in the first half of this year. That number had skyrocketed to 1.7 million by the end of July.

Researchers at both SecureWorks and Postini said they think the Storm worm authors are cultivating such an enormous botnet to do more than send out increasing amounts of spam. All of the bots are set up to launch DoS attacks, and that's exactly what the researchers are anticipating. Denial-of-service attacks are designed to pound a target computer with countless requests that overwhelm its ability to respond, effectively taking the machine down.

Ullrich said on Monday that he too is concerned about what a botnet of this size could do if the Storm worm authors decide to target a DoS attack. However, he said the authors seem very focused on making money and unless they plan on extorting a company with threats of a massive denial-of-service attack, where's the financial motive?

Ullrich added that he's been seeing Storm worm ads on various underground Web sites. The authors are advertising their ability to send out pump-and-dump and pharmaceutical spam with their global botnet.
