
By Lisa Vaas  |  Posted 2007-10-24

Storm's mystique comes in part from one of the most challenging aspects of dealing with the botnet: its rabid self-defense mechanisms. "If you try to attach a debugger, or query sites it's reporting into, it knows and punishes you instantaneously," he said. "[Over at] SecureWorks, a chunk of it DDoS-ed [directed a distributed-denial-of-service attack] a researcher off the network. Every time I hear of an investigator trying to investigate, they're automatically punished. It knows it's being investigated, and it punishes them. It fights back."
Those researchers who have devised ways to accurately research the scope, techniques and technologies of the botnet are hushed up by their superiors, who are well aware of the retribution that botnet herders have already wrought on those who tried to defeat them, Corman said.
Hence the hush-hush nature of research around Storm. Corman said he can tell us that it's now accurately pegged at 6 million, but he can't tell us who came up with the figure, or how. Besides retribution, Storm's ability to morph means that those who know how to watch it are jealously guarding their techniques. "None of the researchers wanted me to say anything about it," Corman said. "They're afraid of retaliation. They fear that if we disclose their unique means of finding information on Storm," the botnet herder will change tactics yet again and the window into Storm will slam shut.
What really has his clients worried, though, is what Storm hasn't yet done, Corman said, with the exception of small hits such as that against SecureWorks or other researchers—ransom sites with DDoS. There's precedent for such a scenario, and the results haven't been cheering. When it comes to the war of good guys (security researchers) versus bad guys (botnet herders), botnets have won, hands down.
Corman referenced the case of Blue Security, an Israeli-based startup whose aggressive anti-spam measures in May 2006 drew a counterattack from spammers that was so vicious, it forced the company out of business. "Somebody wrote a [botnet], and Blue Security did a really good job of fighting," Corman said. "So [the attackers] did a DDoS and took it off the Net for a while. Blue Security went to the best anti-DDoS technology on earth. The next onslaught came and [Blue Security's defenses] worked. So the botnet herder stole two other people's botnets. With three botnets, [the attack] worked, to the point where the ISP said, 'I'm not going to let you take down my entire ISP to protect you, you're on your own.' And Blue Security is now out of business."
A particularly disturbing point to keep in mind, Corman said: Botnets in May 2006 were very, very small, compared with Storm.

Lisa Vaas is News Editor/Operations for and also serves as editor of the Database topic center. Since 1995, she has also been a Webcast news show anchorperson and a reporter covering the IT industry. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on, and in the startup IT magazine PC Connection. Prior to becoming a journalist, Vaas experienced an array of eye-opening careers, including driving a cab in Boston, photographing cranky babies in shopping malls, selling cameras, typography and computer training. She stopped a hair short of finishing an M.A. in English at the University of Massachusetts in Boston. She earned a B.S. in Communications from Emerson College. She runs two open-mic reading series in Boston and currently keeps bees in her home in Mashpee, Mass.
