Storm botnet turns its hand to writing fiction

Paul Raven @ 27-06-2008

Here’s a new twist in the ongoing saga of the Storm worm spam network - it has started delivering fiction into our inboxes. [via Bruce Sterling]

Not science fiction, sadly - that’d make for an even better headline - but fake news headlines. Perhaps in response to people slowly wising up to email subject-lines about fake Rolex watches and “spec14l blu3 p1ll 4 b3dr00m”, the botnet is now replacing them with specious news stories about non-existent natural disasters and celebrity mishaps:

“The emails contain such headlines as ‘Eiffel Tower damaged by massive earthquake’ and ‘Donald Trump missing, feared kidnapped.’”

Pitching for the schadenfreude market, then … we’ll be able to judge the effectiveness of this new tactic by watching for how long they keep using it. [image by El Garza]



Carpet-bombing in cyberspace - the case for a military botnet

Paul Raven @ 12-05-2008

More botnet news, this time in the form of military fist-shaking bluster! Here’s an article [via SlashDot] in the Armed Forces Journal that suggests the US military apparatus should build its own botnet for “the ability to carpet bomb in cyberspace”:

“The time for fortresses on the Internet also has passed, even though America has not recognized it. Now, the only consequence for an adversary who intrudes into or attacks our networks is to get kicked out — if we can find him and if he has not installed a hidden back door. That is not enough. America must have a powerful, flexible deterrent that can reach far outside our fortresses and strike the enemy while he is still on the move.”

If I’m not very much mistaken, Colonel Williamson has only partially grasped the whole “internet as a non-locational space” thing.

“As much as some think the information age is revolutionary, local networks and the Internet are conceptually similar to the ancient model of roads and towns: Things are produced in one place and moved to another place where they have more value.”

Well, yes - things are produced in one place, sometimes (er, crowdsourcing?). But with the web, that thing can then be everywhere, all at once. Data is an infinite good. Colonel Williamson’s talk about roads-and-towns and “states competing against one another” goes a long way toward suggesting why traditional military organisations have struggled to combat terrorism - they simply don’t have a clue how it (or the internet) works.

But back to the carpet-bomb botnet - Colonel Williamson says that “[t]he U.S. would not, and need not, infect unwitting computers as zombies.” Instead, he thinks it best that the power be built up legitimately - which, again, kind of misses the point of a botnet, in that they’re designed to leverage an amount of hardware that would be financially impractical to buy, build and maintain. [image by TailspinT]

Here’s a better idea - how about a kind of “Milnet@home” project? Show your love and pride in your nation by letting it use some of your spare cycles for smiting the enemy! Come on - you’d trust Uncle Sam with your computer, wouldn’t you?



Criminal malware - now with End User License Agreements!

Paul Raven @ 05-05-2008

Malicious software and obfuscatory legalese - two bad tastes that, I imagine, taste even worse together. [image by j l t]

Thankfully, as I’m not in the business of trying to turn a profit by building botnets, it’s not a flavour combo I’ve encountered myself, but there are reports that such things really do exist. Caught with the same economic problem as legitimate software houses - an infinite good, easily reproduced - malware crews are including EULAs with their program packages.

Of course, a malware author can’t fall back on the courts to enforce the terms of the agreement, and so the threatened actions are a little more, er, direct - basically, if you mess with the code they’ll rat you out to the antivirus companies. But, in the words of Mike Masnick at TechDirt:

“… we already know that almost no one reads normal software EULAs, so I somehow doubt that the online scammers using this software are bothering with the fine print either.”

I can’t say I’m feeling too sad about that.



Web wars - white hats versus black in botnet battles

Paul Raven @ 24-04-2008

They may be off the news radar at the moment, but botnets are still a serious bugbear for computer security professionals - it’s hard work trying to defeat something that fights back, after all. [image by Rodrigo Senna]

So here’s a new idea from the University of Washington - why not fight fire with fire, and build a white hat botnet to defend against the DDoS attacks of the black hat botnets?

“Their system, called Phalanx, uses its own large network of computers to shield the protected server. Instead of the server being accessed directly, all information must pass through the swarm of “mailbox” computers.

The many mailboxes do not simply relay information to the server like a funnel – they only pass on information when the server requests it. That allows the server to work at its own pace, without being swamped.”

Sounds like a good plan. It’s beyond my knowledge levels, but the guys at Techdirt seem to think it’s a creative approach.

As a recent convert to Linux, this is the part where I smugly remind everyone that if certain commercially ubiquitous operating systems weren’t so riddled with security flaws, botnets wouldn’t be a problem anyway.



Semi-sentient Storm botnet fights back

Paul Raven @ 25-10-2007

OK, I might be stretching the point with "semi-sentient", but it still has all the hallmarks of a bad AI thriller movie plot. The infamous and still-growing botnet created by the Storm worm virus is able to detect when its command and control structure is being probed by computer security types, and launch denial-of-service attacks at them in retaliation. While some experts believe that Storm has pretty much run its course, others estimate that it may be sitting on a power-base of more than 15 million infected machines, waiting to be hired out to the highest bidder. It’s a long step from the golden era of the Christmas Tree and Friday The Thirteenth viruses. [Via BoingBoing] [Image by RileyRoxx]

