The Storm Worm: It's Diabolical

(((It counterattacks computers that discover its vast, seething lair.)))

–Storm Botnet Intensifies

(August 15 & 16, 2007)

The Storm botnet has taken a new tack, launching distributed denial of service (DDoS) attacks against computers that are scanning networks for vulnerabilities. The Research and Education Networking Information Sharing and Analysis Center (REN-ISAC) has issued a warning to its 200 members that their networks could be attacked as they are scanned for malware introduced by returning students. When the scanner scans a computer that is part of the Storm botnet, the rest of the botnet inundates that computer with traffic. The reason colleges and universities are more vulnerable to this new twist is that their scanners are visible to the Internet. Most companies have their scanners on private networks, where the botnet would not be able to find them.

Internet Storm Center: http://isc.sans.org/diary.html?storyid=3286
http://isc.sans.org/diary.html?storyid=3298
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=201800635
http://www.securityfocus.com/news/11482

[Editor's Note (Ullrich): This is a significant battle that was lost due to reliance on antiquated anti-malware technology and our inability to learn the lessons we have to learn from these outbreaks. Again: Storm does not use technical vulnerabilities. But 7 years after "I Love You", users are still clicking at will, system admins still can't protect them from exposure to these links, and anti-malware vendors still sell products that don't protect the customer's machines from important attacks.]

(((From SANS.)))