Archive for September 11th, 2007
Storm Botnet
Tuesday, September 11th, 2007
As an avid reader of Slashdot, I ran across an article on building a personal mini-super computer. It’s called Microwulf, which is a play on Beowulf, a type of super computer built by clustering commodity computer parts that you would find in stores. Basically, the Microwulf is a supercomputer comprised of 4 motherboards, 4 CPUs, and 4 sets of RAM merged together to form one machine. Computer parts these days are dirt cheap, so building your own mini-supercomputer is relatively inexpensive. The act of combining computers together to act as one machine is called clustering, and a Microwulf cluster is simply a 4-node cluster.
For the low low cost of about $1000, you too can build your own mini super computer that’s able to pump out 26 Gigaflops, providing more computing power than the world’s most powerful supercomputer in 1990. Granted, 1990 is almost 20 years ago, but the supercomputer that held that title back then cost hundreds of millions.
Now imagine if you scale that idea of clustering to millions of machines, then you’d have a massive grand daddy supercomputer. In fact, one of these things already exists, and it’s owned by a group of criminals.
Yes, the most powerful supercomputer in the world, the Storm Botnet, is not owned by NASA, IBM, or by the US Military, but by ill-intentioned criminals.
How is this possible?
Microsoft Windows Monoculture
Almost everyone in the world uses Microsoft Windows on their computer. Grandma uses it, little Jimmy uses it, and most likely you’re using it right now to read this shoddily written blog. I use it at home and at work.
The downside of being that popular is that there are malicious hackers out there who create viruses that target Windows. Like any legitimate software vendor, a virus writer wants their software to reach as many people in the world as possible.
Another downside, one that has nothing to do with popularity, comes from the nature of Microsoft Windows itself. It’s insecure. Yes, I said it. It’s so insecure that you need to go out and buy third-party anti-virus/firewall tools, like McAfee and Norton, to keep your system safe. You have to do a Windows update every so often to prevent your system from being intruded upon. The way it’s designed creates a lot of security vulnerabilities.
I won’t get into specific details, but there are other OSes out there (well, namely Linux variants) that are fundamentally more secure than Windows. So being insecure has nothing to do with popularity.
Now what happens when you combine the risks of having an OS monoculture with an OS that is fundamentally insecure? You have a massive network of computers (the internet) that is incredibly vulnerable to malicious attacks. These two components together allow for internet worms and viruses to spread rapidly.
Storm Botnet
The Storm Botnet is essentially a large network of computers infected with a virus. The total number of infected machines is estimated to be larger than a million, perhaps even reaching ten million, and the number is still growing.
Internet worms and viruses aren’t something new, but a botnet is something different. When a computer becomes infected with the Storm worm, it turns the machine into a zombie. The infected machine waits for instructions from the botnet, and upon receiving those instructions it will do whatever it is asked. Each machine that becomes infected becomes one more machine that the botnet is able to control. If an infected machine was commanded to view a particular webpage, then it would. Public and decentralized servers on the web provide access points for these zombie machines to receive their commands (like IRC chatrooms, which are decentralized and public).
If we take a conservative estimate on the number of infected machines, then the botnet easily surpasses the computational power of the most powerful supercomputer on the planet. Theoretically, it could pump out picoflops of computing power, whereas the #1 ranked supercomputer is currently measured to produce close to 300 teraflops, a whole order of magnitude less.
The power of controlling all these machines anonymously in a decentralized manner allows the criminals who control Storm to wreak havoc on the internet in all sorts of ways. Storm has been used in what’s called “pump and dump” scams, where it spams the internet with stock “tips” on particular stocks. Investors who are misled will invest in the targeted stocks, inflating a stock’s value. Those who owned the stocks prior simply dump the stock once it becomes inflated.
Another use of such a massive botnet is to target specific websites with Denial of Service attacks. The botnet commands a large set of machines to continually browse a page. Servers that can’t handle such a huge volume of traffic are brought down. This allows the controllers of the botnet to sell their attack services to the highest bidder. Lately there have been many attacks on anti-phishing sites, and there’s a lot of speculation that South African phishers have “hired” Storm for this service.
The Storm botnet is beyond a proof-of-concept of the failures of having an operating system monoculture. If all internet users ran a larger variety of operating systems, then something like this could be minimized. Viruses and worms will always exist as long as there are disgruntled 14-year-olds out there, but the magnitude of their effect could be reduced. Often, viruses and worms are written only to target a specific operating system. A Linux machine is immune to the botnet virus, in the same way that a Linux virus can’t attack a Windows machine.
Hopefully the size of these malicious botnets will shrink as Linux and other operating systems become more widely adopted. The Linux user base is definitely growing in size, and as more Linux distros become more user-friendly it’s only a matter of time before a significant market share of computers run it.