29 comments
Guru

Join Date: Mar 2007
Location: Etherville
Posts: 12362
Good Answers: 115

Stopping 'storm'.

11/24/2007 5:00 PM

The internet worm "storm" is reportedly controlling up to 50 million computers worldwide. It infects computers and lies dormant, awaiting activation. To put this in context, if all these computers were activated it would make IBM's best (Blue Gene) look like an infant. The computing power arsenalled against each other would be no contest. The storm 'botnet' has awesome power according to news reports.

On top of this, some of the world's major hacking net-control groups (e.g. RBN) have been quiet for some time, raising suspicion that they are about to mount a major internet security attack from a new location.

How does anyone know if they are affected by 'storm'?

Ref: http://en.wikipedia.org/wiki/Storm_botnet

http://en.wikipedia.org/wiki/Russian_Business_Network

Any thoughts?

__________________
For sale - Signature space. Apply on self addressed postcard..
Guru

Join Date: Sep 2006
Posts: 4513
Good Answers: 88
#1

Re: Stopping 'storm'.

11/24/2007 9:32 PM

From the Storm Wiki page: "This code is run from %windir%\system32\wincom32.sys on a Windows system, via a kernel rootkit, and all connections back to the botnet are sent through a modified version of the eDonkey/Overnet communications protocol."

Limewire users also beware.

Ironically, Microsoft itself makes available some pretty good tools to detect and combat rootkit-launched malware such as Storm. Pay particular attention to Mark Russinovich's RootkitRevealer, which detects persistent kernel rootkits such as Storm's. (Russinovich is best known for discovering the DRM rootkit Sony contemptuously foisted on its music customers back in 2005.)

Guru

Join Date: Mar 2007
Location: Etherville
Posts: 12362
Good Answers: 115
#2
In reply to #1

Re: Stopping 'storm'.

11/24/2007 10:08 PM

Thanks e, excellent techno feedback. I'd been reading about this and wondering what it was about. Nice input.

__________________
For sale - Signature space. Apply on self addressed postcard..
Guru

Join Date: Jul 2006
Location: Silicon Valley
Posts: 5356
Good Answers: 50
#6
In reply to #1

Re: Stopping 'storm'.

11/26/2007 2:48 AM

It runs a scan and finds some things, but as the site explains, you can't be sure what is normal (essential) and what is a worm. So what good does that do?

__________________
"Perplexity is the beginning of dementia" - Professor Coriolus
Guru

Join Date: Mar 2007
Location: Etherville
Posts: 12362
Good Answers: 115
#10
In reply to #6

Re: Stopping 'storm'.

11/26/2007 10:51 AM

Even though I love the e-man I haven't checked his links yet! I was biding my time here waiting to see what other 'braver people'* did.

A lot of shitware out there will purport to help with security/virus etc for free. And then.....Well I think we all know how it can go (for those who don't, visit the computing section of CR4 and use the search button.) There is some good free security stuff to be had, but you really have to pay to get something decent. Even then, the safe hasn't been built that can't be bust. Multiple gates I suggest (and no, not the bill kind).

* Anyone other than you vermin, and I'd have said 'fool'. You probably know more about this stuff than anyone here.

__________________
For sale - Signature space. Apply on self addressed postcard..
Guru

Join Date: Sep 2006
Posts: 4513
Good Answers: 88
#15
In reply to #6

Re: Stopping 'storm'.

11/26/2007 5:15 PM

It runs a scan and finds some things, but as the site explains, you can't be sure what is normal (essential) and what is a worm. So what good does that do?

-----

Because this tool isn't perfect, it is therefore useless? Of course RKR isn't perfect; no exclusively-software-based detection tools are. You need the cooperation of specialized hardware - memory fences, for example - and even then you're not home free. RKR's "finding some things" is pretty useful, actually. Especially because of the kind of things it finds.

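The triage question raised in #6 and answered in #15, as an added example that is not part of any post here and is not RootkitRevealer's own code: the tool reports discrepancies between what the Windows API lists and what a raw scan of the disk finds, and the code below ranks such discrepancies so that expected ones sink to the bottom. The listings are constructed sample data, `C:\WINDOWS` is assumed for `%windir%`, and the function names and severity labels are hypothetical.

```python
"""Cross-view triage: files a raw disk scan sees but the OS API does not list."""
import ntpath
from dataclasses import dataclass

# NTFS metadata files sit in the volume root and are hidden from the Windows
# API by design, so every raw scan reports them. They are expected noise.
NTFS_METADATA = {"$mft", "$mftmirr", "$logfile", "$volume", "$attrdef",
                 "$bitmap", "$boot", "$badclus", "$secure", "$upcase", "$extend"}
# File types that can be loaded as code; a hidden one is looked at first.
EXECUTABLE_EXT = {".sys", ".dll", ".exe"}
SEVERITY_ORDER = {"high": 0, "review": 1, "expected": 2}


@dataclass(frozen=True)
class Finding:
    path: str
    severity: str  # "high", "review" or "expected" (hypothetical labels)
    reason: str


def _norm(path):
    """Windows paths are case-insensitive and accept both slash styles."""
    return ntpath.normcase(ntpath.normpath(path))


def classify(path):
    """Rank one path that is on disk but missing from the API listing."""
    _, rest = ntpath.splitdrive(_norm(path))
    parent, name = ntpath.split(rest)
    if parent == "\\" and name in NTFS_METADATA:
        return Finding(path, "expected", "NTFS metadata file, hidden by design")
    if ntpath.splitext(name)[1] in EXECUTABLE_EXT:
        return Finding(path, "high", "loadable code hidden from the API")
    return Finding(path, "review", "hidden data file; rule out a scan-time race")


def cross_view_diff(api_view, raw_view):
    """Return findings for raw-scan entries absent from the API view, worst first."""
    visible = {_norm(p) for p in api_view}
    hidden = [classify(p) for p in raw_view if _norm(p) not in visible]
    return sorted(hidden, key=lambda f: (SEVERITY_ORDER[f.severity], _norm(f.path)))


# Constructed sample listings (not real scan output). wincom32.sys is the file
# name quoted in post #1; every other path is made up for the example.
API_VIEW = [r"C:\WINDOWS\system32\ntoskrnl.exe",
            r"C:\WINDOWS\system32\drivers\tcpip.sys",
            r"C:\Documents and Settings\user\notes.txt"]
RAW_VIEW = API_VIEW + [r"C:\$MFT", r"C:\$Secure",
                       r"C:\WINDOWS\system32\wincom32.sys",
                       r"C:\WINDOWS\Temp\~df3a.tmp"]

if __name__ == "__main__":
    for finding in cross_view_diff(API_VIEW, RAW_VIEW):
        print(f"{finding.severity:8}  {finding.path}  ({finding.reason})")
```

A hidden file that ranks "high" is a lead to investigate from known-clean media, not a verdict; the ranking only decides which discrepancy gets looked at first.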
Guru

Join Date: Nov 2007
Location: Christchurch, (The Garden City), South Island, New Zealand
Posts: 4395
Good Answers: 230
#3

Re: Stopping 'storm'.

11/24/2007 10:41 PM

The 'storm' will not affect me here.

I have plenty of good Security Software running on a 24/7 basis.

Each year several hundred thousand malware items try and enter.

So far none have succeeded, and I intend to keep it that way....

__________________
"The number of inventions increases faster than the need for them at the time" - SparkY
Guru

Join Date: Sep 2006
Posts: 4513
Good Answers: 88
#4
In reply to #3

Re: Stopping 'storm'.

11/24/2007 10:56 PM

"Each year several hundred thousand malware items try and enter. So far none have succeeded, and I intend to keep it that way..."

All it takes is one, and the deck is stacked.

"Plenty of good Security Software running on a 24/7 basis" is completely useless against Zero-Day exploits.

"The Storm will not affect me here."

Maybe not Storm, but those sure sound like Famous Last Words.

Guru

Join Date: Nov 2007
Location: Christchurch, (The Garden City), South Island, New Zealand
Posts: 4395
Good Answers: 230
#5
In reply to #4

Re: Stopping 'storm'.

11/24/2007 11:23 PM

I should have mentioned that I have Hardware Security in place, 24/7 too.

It took me several years to establish a good combination of Hardware and Software, all Compatible with the Operating System/s used here and each other, without conflicts.

I have been a Beta tester over the years, for many Security Software Companies - Unfortunately some did not like my reports, when shown their product had Security leaks.

They discontinued my Beta Tester status.

Another few cases of shooting the messenger....

__________________
"The number of inventions increases faster than the need for them at the time" - SparkY
Guru

Join Date: Sep 2006
Location: Near Frankfurt am Main, Germany. 50.390866N, 8.884827E
Posts: 17996
Good Answers: 200
#7
In reply to #3

Re: Stopping 'storm'.

11/26/2007 7:32 AM

Your statement reminded me of the old saying "Pride goes before a fall!"

I also take a lot of precautions, but I will never say "NEVER!"

__________________
"What others say about you reveals more about them, than it does you." Anon.
Guru

Join Date: Mar 2007
Location: Etherville
Posts: 12362
Good Answers: 115
#11
In reply to #7

Re: Stopping 'storm'.

11/26/2007 10:55 AM

Sean Connery did! (Sorry, very bad Bond film related gag). Even Ozzy Osbourne did.

OK, I'll shut up!

__________________
For sale - Signature space. Apply on self addressed postcard..
Off Topic (Score 5)
Power-User

Join Date: Feb 2007
Posts: 273
Good Answers: 3
#8

Re: Stopping 'storm'.

11/26/2007 9:21 AM

One word solution.


LINUX

Guru

Join Date: Sep 2006
Location: Near Frankfurt am Main, Germany. 50.390866N, 8.884827E
Posts: 17996
Good Answers: 200
#9
In reply to #8

Re: Stopping 'storm'.

11/26/2007 9:37 AM

Storm will be getting around to Linux one day......it's just too unattractive at this time due to a lack of numbers in comparison to Windows.

There is basically no other reason that Linux(ii) have not been attacked up to now.

So keep praying that it remains unattractive to the masses.....!

__________________
"What others say about you reveals more about them, than it does you." Anon.
Guru

Join Date: Dec 2006
Location: Brecksville, OH
Posts: 1621
Good Answers: 18
#12
In reply to #9

Re: Stopping 'storm'.

11/26/2007 10:55 AM

I keep wondering what the payoff is for the people that write the malware. Is it just bragging rights? I don't know about you, but I'm afraid that if I knew someone that was responsible for generating this crap and bragging about it, his/her efforts would be squelched very quickly. Such a person must live in an underworld of corruption. On the other hand, I remember hearing about one such turkey being given a high paying job at an internet security company instead of going to jail for 20-30 years where they belong. If that's the case, who is to blame for the problem?

__________________
"Consensus Science got us into this mess, then why can't it get us out?" : Rephrase of Will Rogers Comment
Guru

Join Date: Mar 2007
Location: Etherville
Posts: 12362
Good Answers: 115
#13
In reply to #12

Re: Stopping 'storm'.

11/26/2007 11:04 AM

'storm' isn't just one geek in a bedroom. It's a highly organized criminal network. Some highly skilled people develop the network to infiltrate computers and arrange what is known as a 'bot-net'. A virus can be implanted on your home pc and lie dormant. Upon command all these dormant pc viruses can be activated. The combined computing power, when deployed, can make the NSA look like a bunch of pigeons using an abacus. The list of possible uses is endless - monetary theft, identity theft, DOS (Denial Of Service), attack for warfare etc etc etc. 'storm' is just one of many. When activated it could change our entire world at the click of a button.

__________________
For sale - Signature space. Apply on self addressed postcard..
Guru

Join Date: Sep 2007
Posts: 1817
Good Answers: 7
#14
In reply to #13

Re: Stopping 'storm'.

11/26/2007 4:06 PM

I have not looked at any links yet guys, but I am going to hazard a little guess here anyhows.

All this bot-net talking isn't new and dates back from as far as the early '80s. It was claimed back then, as well as used in films, that some corrupt organization would "take over" every person's identity or even have control over them. This is an utterly preposterous proposition and cannot work. Maybe they can take over your computer and maybe they can make it do things or do things with your data but the fact is if they want to hook all those together, they need to be in charge of a central network that is going to be busier than all the queens in all the insect nests you can think of.

It is not possible to assign a task and not know which particular computer is going to do the work. You end up not knowing what has been done and what is not, just going to fall down like a deck of cards.

I think this part is scaremongering and guess who is profiting from that?

Don't get me wrong, I have protection up to the hilt and I believe in looking after it on a daily basis. I am sure as hell going to make life as hard as possible for them and so far so good. No real damage EVER, just little pinpricks which are detected and dealt with. You need to do these things to stay clear and safe but don't overreact please.

Ok, I'll now go and look at these links and if I get scared I will be back and ask for your help.

Have a good evening all.

Case491

p.s. if in doubt, pull the phone line out

Guru

Join Date: Sep 2006
Posts: 4513
Good Answers: 88
#21
In reply to #14

Re: Stopping 'storm'.

11/27/2007 7:50 PM

Case writes: "It is not possible to assign a task and not know which particular computer is going to do the work. You end up not knowing what has been done and what is not, just going to fall down like a deck of cards."

-----

Hi Case,

It is possible to distribute tasks over a large network and still maintain coherency. One of the first to do this was the SETI project which used a specialized screen-saver running on each node to perform spectral analysis and feature extraction of radiotelescope signals.

Another project used this approach to decrypt the remaining undeciphered Enigma messages sent from German u-boats during WWII.

There is currently a very popular open-source project, called boinc, which provides a framework for distributing compute-intensive tasks over very large networks. boinc is most popular with the scientific community for solving NP-hard problems.

Guru

Join Date: Sep 2006
Posts: 4513
Good Answers: 88
#16
In reply to #13

Re: Stopping 'storm'.

11/26/2007 5:17 PM

Geez, Kris, you make Storm sound almost as bad as Windows.

Guru

Join Date: Mar 2007
Location: Etherville
Posts: 12362
Good Answers: 115
#17
In reply to #16

Re: Stopping 'storm'.

11/27/2007 6:50 AM

LOL, now that really is bad!

__________________
For sale - Signature space. Apply on self addressed postcard..
Guru

Join Date: Sep 2006
Posts: 4513
Good Answers: 88
#20
In reply to #12

Re: Stopping 'storm'.

11/27/2007 7:20 PM

The collective power of Storm's zombie army exceeds the world's fastest supercomputers by at least an order of magnitude. Take IBM's "Blue Gene" super: fully configured it weighs in at 'only' 360 teraflops. Storm has anywhere from 1.5 to 5 petaflops at its disposal. Petaflops can do wonders when it comes to decrypting passwords, decrypting encrypted communications and data, and so forth. The best encryption schemes are still way beyond reach of even Storm, but several important ones come within range.

DES - a 56-bit scheme - fell within three days using a specialized machine, the EFF DES cracker ("Deep Crack"). Deep Crack is a machine built by the Electronic Frontier Foundation (EFF) to perform a brute force search of the DES cipher's keyspace—that is, to decrypt an encrypted message by trying every possible key. The aim in doing this was to prove that DES's key is not long enough to be secure. Deep Crack's 90-million-key-per-second rate is a drop in the bucket compared to Storm, which could crack a DES-encrypted message in a matter of seconds.

Sadly, DES and its successor, Triple DES (aka 3DES and TDES), are widely used to encrypt electronic communications between banks and ATMs, credit-card readers and so forth. Other encryption schemes like the Blowfish-448 cipher stand an excellent chance even against a petaflop monster like Storm, but the banking industry is still entrenched with DES and 3DES. For my part, I'm wondering if banking is Storm's ultimate target.

Guru

Join Date: Mar 2007
Location: Etherville
Posts: 12362
Good Answers: 115
#22
In reply to #20

Re: Stopping 'storm'.

11/28/2007 1:18 AM

Those people at EFF sure have a sense of humour with nomenclature.

Anybody like to guess what the military (all sides) get up to with hacking etc.? I'd have thought bot-nets could be useful to them as well. It probably doesn't matter too much, the UK's Government and Security forces seem to have a habit of just losing laptops etc. Banks have done similar.

Here's a paranoid thought: Somebody controlling lots of zombie computers could have them all register with CR4 and log in simultaneously. Oops, meltdown. A lot of places use those silly squiggled letters to try and verify a human is reading them before allowing registration (for all sorts of functions). Even those are not infallible.

__________________
For sale - Signature space. Apply on self addressed postcard..
Guru

Join Date: Jul 2006
Location: Silicon Valley
Posts: 5356
Good Answers: 50
#23
In reply to #22

Re: Stopping 'storm'.

11/28/2007 1:37 AM

You know, all this net bot stuff is really unnecessary. Doesn't anyone remember reading that article about the university that wanted a super computer?

Anyway, while they have only 2% of the game machine market, seems PS3s have some really impressive hardware inside. The university was able to make their own super computer by stringing a bunch of PS3s together.

So, let's all go to the toy store!

__________________
"Perplexity is the beginning of dementia" - Professor Coriolus
Guru

Join Date: Mar 2007
Location: Etherville
Posts: 12362
Good Answers: 115
#24
In reply to #23

Re: Stopping 'storm'.

11/28/2007 1:41 AM

Wii!

__________________
For sale - Signature space. Apply on self addressed postcard..
Guru

Join Date: Mar 2007
Location: Etherville
Posts: 12362
Good Answers: 115
#25
In reply to #24

Re: Stopping 'storm'.

11/28/2007 1:45 AM

I just got one of these at Subs'R'Us to hide in;

A steal at 65,000 GBP. Diving to 50m!

__________________
For sale - Signature space. Apply on self addressed postcard..
Off Topic (Score 5)
Guru

Join Date: Jul 2006
Location: Silicon Valley
Posts: 5356
Good Answers: 50
#26
In reply to #25

Re: Stopping 'storm'.

11/28/2007 1:51 AM

Nice price... If your commute is straight down!!!

__________________
"Perplexity is the beginning of dementia" - Professor Coriolus
Off Topic (Score 5)
Guru

Join Date: Mar 2007
Location: Etherville
Posts: 12362
Good Answers: 115
#27
In reply to #26

Re: Stopping 'storm'.

11/28/2007 1:59 AM

They really work, or so I read. 'U-Boat Worx' mini submersible have a pretty web site. Getting to stuff like drive-thru diners may be a problem, but you have to surface anyway if the 36 hour emergency air supply runs out. Given that they're made by a Dutch company, perhaps they're planning for sea-level rise.

__________________
For sale - Signature space. Apply on self addressed postcard..
Off Topic (Score 5)
Guru

Join Date: Jul 2006
Location: Silicon Valley
Posts: 5356
Good Answers: 50
#28
In reply to #27

Re: Stopping 'storm'.

11/28/2007 2:16 AM

I'll stick with ol' Bessy. She's good all the way to the bottom of the Mariana Trench!

__________________
"Perplexity is the beginning of dementia" - Professor Coriolus
Off Topic (Score 5)
Guru

Join Date: Mar 2007
Location: Etherville
Posts: 12362
Good Answers: 115
#29
In reply to #28

Re: Stopping 'storm'.

11/28/2007 3:57 AM

We can all see you do it in this dinky animation! http://www.pbs.org/wnet/savageseas/multimedia/deepseasimulator.html

__________________
For sale - Signature space. Apply on self addressed postcard..
Off Topic (Score 5)
Guru

Join Date: Sep 2006
Location: Near Frankfurt am Main, Germany. 50.390866N, 8.884827E
Posts: 17996
Good Answers: 200
#18

Re: Stopping 'storm'.

11/27/2007 7:41 AM

Storm would not be possible if everyone took the time to follow all the "golden Rules" regarding Trojans and Viruses......anyone who is infected(?), is themselves to blame!

It's what you don't know that hurts!!!

__________________
"What others say about you reveals more about them, than it does you." Anon.
Anonymous Poster
#19
In reply to #18

Re: Stopping 'storm'.

11/27/2007 2:51 PM

When in doubt set your clock back to 11:59:59:999 - 12/31/1945 and see what your computer does with the CD Rom (Coffee anyone?)

"Fear the Turtle!"


Users who posted comments:

agua_doc (1); Andy Germany (3); Anonymous Poster (1); case491 (1); Kris (10); prbarry (1); Sparkstation (2); user-deleted-13 (6); vermin (4)
