those crazy germans, cutting service off to infected customers.

Posted at 12:40 am on Jan 17th, 2009 by _matt

Viral Anti-Virus
or
Anti-Viral Virus?

VAV or AVV for short. Whitehats to the rescue! (Or not. More like to the proof-of-concept! Some greyhats should take note)

Posted at 1:05 am on Jan 17th, 2009 by cde

So, what i don’t get is why they dont publish “stormfucker” and let random users who wants to fight storm run it. This way nobody will know who was actually “let it free” and we would hopefully destroy parts of storm.

grats

Posted at 1:53 am on Jan 17th, 2009 by martinmunk

Or more to the point, why not just run it? Yes, it uses the same techniques to move about as malware, but it *isn’t* malware. Storm is bad not because it spreads in a viral manner, but because of the shit it pulls once installed.

And given that this uses the storm mechanism to spread, won’t this already be stopped by whatever anti-malware software people may have installed, meaning only those already infected would be hit?

I say, let loose the dogs of war.

Posted at 4:29 am on Jan 17th, 2009 by nebulous

Well, I’m 100% behind the name at least. Here’s hoping it works.

Posted at 4:30 am on Jan 17th, 2009 by Coyotecom

I’m against the use of this tool without users notice, you can never be sure not to destroy data on the target system by accident. What I am suggesting is that ISPs noticing 100% clear bot behaviour on IPs will reroute the next HTTP request to a warning site suggesting steps to get rid of the infection or call for service, then after say 20 seconds follow the original HTTP request. It could be seen as a self defense/prophylactics of that ISP, who knows if the next bot attack isn’t against a domain hosted by that ISP?

Posted at 7:22 am on Jan 17th, 2009 by ragnar

Old news. It’s the same deal with other botnets.

What’s pathetic is the most effective propagation method is still email attachments. Also companies that lease botnet time aren’t prosecuted. So yeah, don’t look for it to go away, spam is epically profitable.

Posted at 7:27 am on Jan 17th, 2009 by TJHooker

there were debates about the ethics of a viral anti-virus in some early 90s x86 assembly textbook I had. the general consensus then was the same it is now, the idea is good in theory but because of the impossibility of testing in all system configurations, you could end up with the same bugs some viruses have, slowing down systems or corrupting data.

this would really be more of an anti-worm worm by definition though, unless storm is infecting lots of executables on the same machine besides being a worm.

Posted at 8:19 am on Jan 17th, 2009 by loldongs

@loldongs: three reputable researchers have done this exact same thing with various botnets in the last 2 years. The red tape is the legality of running arbitrary code on remote machines.

Even if they could, a new DNS system would be made making it harder, because spam is extremely profitable. If you look at the statistics these bot nets are mainly used for denial of service attacks and spam.

Posted at 8:41 am on Jan 17th, 2009 by TJHooker

double post: What’s really hilarious is that any of us can go lease portions of the botnet right now, and nobody knows who controls it. yet you get DMCA letters for P2P downloads, and supreme court prosecutions for distributed soliciting while not under trademark.

Posted at 8:53 am on Jan 17th, 2009 by TJHooker

OMFG the fucking wanker geek squad want to fight with the evil storm worm. These so called researchers are the most disgusting scum of the community go back wank in the dark you retards instead of fight us. We will destroy you faggots.
Until people make profit from storm worm like malware you won’t have a restfull night.

You think you are the good guys and you want to make a cleaner internet when the whole world is a toilet more or less shit in it doesnt matter. Go fuck yourselves, you will lose at the end!

Go back to the university suck more cock u are too dumb to grow up yet shitheads you don’t have the education of the street yet!

Posted at 9:33 am on Jan 17th, 2009 by jude

shut the fuck up jude

Posted at 10:02 am on Jan 17th, 2009 by anti-judge

jude: finish your homework, and clean your room, or I’ll take your computer away!!

Posted at 10:33 am on Jan 17th, 2009 by jude's dad

@Jude:
I expect your extent of ‘teh streetz’ involves shagging anything that moves and fantastic use of a cocaine knife. Maybe you should stick to that?

@:
It’s not the first. At least one virus I’ve read about actually puts itself on your computer, patches your computer against it and another virus in the wild, then deletes itself completely. If your computer were to be infected by it again, it would look for the patch it made and delete itself again if it found it.
How helpful, I like it.

Posted at 10:52 am on Jan 17th, 2009 by Nox13last

@Jude:

You hint that you are part of the botnet scene – but judging from the language used in your post I’m guessing you’re nothing to do with storm botnet. Writing that would take some skill.

I’m guessing you’re just some kiddie with maybe a few zombies using rxbot or some other p.o.s malware trying to make yourself look “l33t”.

You’re really not kidding anyone.

Oh, and the researchers “don’t have the education of the street”? Computers aren’t the street. On computers you get flamed for a dumbass post like that. You did that to someone on the street and I’m fairly certain you’d get your kiddie ass kicked.

:)

Posted at 11:18 am on Jan 17th, 2009 by az

@jude:

oh dear, did sombody just get turned down a place at university?

Posted at 12:23 pm on Jan 17th, 2009 by matt

Problem with your idea ragnar is that any sensible person would not believe such redirects, because that’s a known trick of viruses/worms, to fake being a helpful site or ‘alert’, like the famous ‘your IP is x.x.x.x, hackers can already start to attack you! install our crap now!’
Let the ISP’s just send a regular snailmail.

Posted at 12:47 pm on Jan 17th, 2009 by Wwhat

@jude: Nice 4chan’ish troll. Something tells me you’re not capable of much else than what you’ve shown here.

The truth is the control nodes are hidden behind hundreds of tiers of DNS and researchers can’t just break into the computers. Also in some aspect corporate governance is profiting off of the spam, so they won’t directly prosecute and interrogate the people charging for lease time on them, or the companies who pay to have their stuff advertised in the spam.

Posted at 1:00 pm on Jan 17th, 2009 by TJHooker

Hey jude, don’t make it bad. Etc etc.

My own ISP actually does detect botnet (and spambot) hosts, and disconnects a person’s internet access, by redirecting every HTTP request to a dummy site, and denying everything else. The page just tells people to call the ISP for help on getting unstuck, and the helpdesk can tell them to clean up their shit.

I’m sorry to say I got stung by this. Had an old laptop working on an out-of-house connection, unfirewalled, for a bit. Picked up a bot, got it home, and started spamming from there. Easily and unavoidably fixed.

Posted at 1:57 pm on Jan 17th, 2009 by nebulous

@jude: yea i agree with everyone else, your retarded.

I just sent this link to a prof. of mine at RIT. I took a malware class with him and we took a look at the storm bot. It was hard to analyze it because of its defensive mechanisms. If this stormfucker app really can beat it i say let people download it and opt in. I certainly would download it.

Posted at 6:30 pm on Jan 17th, 2009 by Rob A

I see why people would be hesitant to send this out because it may screw up some machines. But if the machine is susceptible to bots already, what guarantee that the system is working properly already? Or that some other piece of malware won’t break it anyway..

Posted at 10:29 pm on Jan 17th, 2009 by Techninja

JUDE HERE, HAHAHA DISREGARD THAT, I SUCK COCKS

Posted at 5:51 pm on Jan 18th, 2009 by jude

Sucks for the malware writers. Cool concept though. It really puts meaning to “fighting fire with fire”.

Posted at 1:59 am on Feb 15th, 2009 by hazed