Storm Worm challenging world's fastest supercomputers

September 1, 2007

It is being reported that the network of compromised Microsoft Windows computers under the thumb of the criminals who control the Storm Worm has grown so huge that it now has more raw distributed computing power than all of the world's top supercomputers.1

Depending upon which sources you ask, the number of machines infected by Storm Worm is estimated at being anywhere in the ranges of 250 thousand to 1 million in the lower end2, up to an unbelievable 5 to 10 million in the upper end.3

Peter Gutmann, a computer science professor at the University of Auckland, and perhaps best known for his contributions to cryptology and his Gutmann method for erasing data from hard drives, has recently brought this issue to light in the Full Disclosure Cryptography Mailing List:

This doesn't seem to have received much attention, but the world's most powerful supercomputer entered operation recently... Using the figures from Valve's online survey, http://www.steampowered.com/status/survey.html, for which the typical machine has a 2.3 - 3.3 GHz single core CPU with about 1GB of RAM, the Storm cluster has the equivalent of 1 [to] 10M (approximately) 2.8 GHz P4s with 1 [to] 10 petabytes of RAM (BlueGene/L has a paltry 32 terabytes). In fact this composite system has better hardware resources than what's listed at http://www.top500.org for the entire world's top 10 supercomputers:



BlueGene/L: 128K CPUs, 32TB
Jaguar: 22K CPUs, 46TB
Red Storm: 26K CPUs, 40TB
BGW: 40K CPUs, 10TB
New York Blue: 37K CPUs, 18TB
ASC Purple: 12K CPUs, 49TB
eServer Blue Gene: ?
Abe: 10K CPUs, 10TB
MareNostrum: 10K CPUs, 20GB
HLRB-II: 10K CPUs, 39GB

This may be the first time that a top 10 supercomputer has been controlled not by a government or megacorporation but by criminals. The question remains, now that they have the world's most powerful supercomputer system at their disposal, what are they going to do with it?4

However before jumping to conclusions, note that Peter Gutmann is simply talking about computing resources (i.e. number of CPUs, and total amounts of RAM). He is not comparing the total computing performance of Storm Worm versus the world's fastest supercomputers.

BlueGene/L, the world's top supercomputer, has a sustained performance of 280 TFLOPS.5

It would be difficult to accurately assess the TFLOP rating of a botnet such as Storm Worm when experts have such a difficult time measuring its size, and compromised machines probably range anywhere from old computers running legacy versions of Windows that have been neglected for the past few years, to brand new computers whose owners, not knowing any better, get infected within the first few hours of going online for the first time. But for the sake of argument, we could try to gauge Storm Worm's TFLOP rating by examining the computing power of other (legitimate) distributed networks.

As of August 31, 2007, SETI@Home has 1,551,700 active hosts, with a total capacity of 273 TFLOPS. Folding@Home has 171,800 active CPUs, with a Total capacity of 858 TFLOPS (although Folding@Home enjoys a significant boost to its TFLOP rating thanks to the participation of Sony Playstation 3s. Currently only 33,235 PS3s contribute 602 of those 858 TFLOPS. In fact, the organizers of Folding@Home believe that with just 50,000 PS3s, they'll be able to reach 1 PFLOP - essentially dwarfing BlueGene/L).6

So, what do you do if you are a criminal organization and you effectively have the world's most powerful supercomputer at your hands? Although Hollywood might speculate that its capacity could be rented to a hostile government for use in simulating the detonation of nuclear weapons, chances are that it will mainly be used for its available bandwidth to flood the Internet with more SPAM, perform click fraud, and to engage in DDoS attacks.




1. "Storm Worm Dwarfs World's Top Supercomputers", The Washington Post, August 31, 2007

2. "Storm Worm's virulence may change tactics", PC World, August 2, 2007

3. "Storm Botnet Driving PDF Spam", SecurityProNews, July 13, 2007

4. "World's most powerful supercomputer goes online ", Peter Gutmann, August 31, 2007

5. "TOP500", Wikipedia, August 31, 2007

6. "Folding@Home on the PS3", Stanford University, March 26, 2007