-
April 24th, 2008, 09:58 PM
#1
Storm Gets Polluted
The Storm botnet became legend thanks, in part, to its impenetrable, unknowable command and control structure. But researchers have discovered the botnet's Achilles' heel.
Researchers Infiltrate and 'Pollute' Storm Botnet - Dark Reading
The researchers, from the University of Mannheim and the Institut Eurecom, recently infiltrated Storm to test out a method they came up with of analyzing and disrupting P2P botnets. Their technique is a spinoff of traditional botnet tracking, but with a twist: it not only entails capturing bot binaries and infiltrating the P2P network, but it also exploits weaknesses in the botnet’s P2P protocol to inject “polluted” content into the botnet to disrupt communication among the bots, as well as to study them more closely. The researchers tested their pollution method out on Storm -- and it worked. They presented their research this month at Usenix.
To continue the Storm buzz...
-
April 24th, 2008, 10:38 PM
#2
is it just my imagination or is it stupid to publicize, in detail, the means by which these bots are being thwarted? Why not just call up the developers and say hey we found a flaw in your bot, this is how it works so you can fix it.
-
April 25th, 2008, 03:20 AM
#3
Originally Posted by JPnyc
is it just my imagination or is it stupid to publicize, in detail, the means by which these bots are being thwarted? Why not just call up the developers and say hey we found a flaw in your bot, this is how it works so you can fix it.
uh, what?
-
April 25th, 2008, 01:42 PM
#4
dead,
~sarcasm on jpync's part there
"...to give correctly is to give them what they need from us, for it would not be skillful to bring gifts to anyone that are in no way needed."
--Socrates
*Einstein Would Be Proud*
-
April 25th, 2008, 07:22 PM
#5
If anything, it displays the cunning, patience and methodical nature of some hackers. Plus, we've been hearing how Storm and botnets like it are untouchable. Not so much anymore...
-
April 27th, 2008, 01:45 PM
#6
Member
Yeah but just wait until the Russian programmers hear about this. I have a feeling they'll be updating all of their bots with a new strain to counteract this.
-
April 28th, 2008, 03:27 PM
#7
Of course they will, that's my point. I don't know that I'd be so quick to publicize this so widely, and so thoroughly. I know there is a need to inform but the other side of the coin is, it helps the battle to be a never-ending one.
-
April 29th, 2008, 01:37 PM
#8
Senior Member
I know two things and those are the battle will never end, and obscurity is never a good form of security.
Usenix article: http://www.usenix.org/event/leet08/t...olz/holz_html/
My hat goes off to everyone involved in this...
-sp0nge
Did curiousity really kill the cat, or is that just what they want you to think?
-
April 29th, 2008, 04:39 PM
#9
I know the battle will never end, but does that mean they have to make it so much easier for the opponent to respond?
-
April 29th, 2008, 08:15 PM
#10
Senior Member
I just feel that not only have they alerted Storm's operator, but they have helped shine the way for anyone who has the technical ability who wishes to experiment with this as well.
The technology involved with botnets has infinite potential and personally I look forward to being able to learn more about such things in the future. I wish I had the ability to do something similar
It is such a shame that the party involved with the creation of such a network had such poor motives. This would all make such a good lecture at the Black Hat conference, and if this was able to function as sort of a distributed computing network...
-sp0nge
Did curiousity really kill the cat, or is that just what they want you to think?
Similar Threads
-
By s0nIc in forum Security News
Replies: 10
Last Post: March 15th, 2006, 07:27 AM
-
By genXer in forum Security News
Replies: 4
Last Post: November 30th, 2005, 10:45 PM
-
By moxnix in forum AntiOnline's General Chit Chat
Replies: 4
Last Post: April 4th, 2004, 02:51 AM
-
By BoZaK in forum Newbie Security Questions
Replies: 3
Last Post: July 29th, 2003, 11:55 AM
-
By Networker in forum Miscellaneous Security Discussions
Replies: 5
Last Post: February 4th, 2003, 04:37 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|