Storm Worm Dwarfs World's Top Supercomputers

The network of compromised Microsoft Windows computers under the thumb of the criminals who control the Storm Worm has grown so huge that it now has more raw distributed computing power than all of the world's top supercomputers, security experts say.

Estimates on the number of machines infected by Storm range from one million to 10 million, depending upon which security sources you believe. But hardly anyone would argue that many thousands of new PCs are being stricken by the worm each day, largely because the worm authors are continuously changing their tactics to trick people into installing it.

Massive pools of virus or worm-infected PCs, known as "botnets," are principally used to blast out spam, host scam Web sites, or to flood targeted Web sites with so much junk traffic all at once that they simply crash and are rendered unreachable by legitimate visitors. But the criminals who control these infected machines could just as easily use them to do some serious number-crunching, the kind of computational analysis typically left to the world's fastest supercomputers.

In a posting today to a data security mailing list, Peter Gutmann, a computer science professor with the University of Auckland in New Zealand, said the Storm botnet could easily outperform IBM's BlueGene/L, currently the top-ranked supercomputer on the planet.

Read more ...

Brian Krebs on Computer Security. The Washington Post Company

Storm Worm Authors Turn to YouTube Lures

Security Fix has spilled quite a bit of digital ink warning readers about the ever changing tactics of criminals behind the the indefatigable "Storm worm." This week's tactic (or today's as the case may be) involves e-mailed Web links disguised as video clips from YouTube.com

Here's one example that I received yesterday:

The link in the image on the right does not take the clicker to YouTube.com, but to an Internet address of a home computer that the bad guys have compromised and are using to serve up malicious software. If you hover such a link with your computer mouse, it should reveal that the true address is a dotted IP address (e.g. http://72.15.x.x), not a page at YouTube.com.

After a user clicks through to one of the Storm addresses, the machine at that address will attempt to exploit a kitchen sink of known Web browser and other software security vulnerabilities. If the would-be victim is invulnerable to these attacks, he or she will be prompted to simply download and run the malicious code.
The Storm worm is already hugely successful, with estimates of infected machines in the many millions worldwide. This clever tactic, however, is likely to significantly increase the pool of sickened machines.

Read more ...

Brian Krebs on Computer Security. The Washington Post Company