Does your computer have Worms?

January 19th was the first anniversary of the Storm Worm , widely recognised as one of the most disruptive and difficult to eradicate examples of computer malware ever released.

In its first weekend it was responsible for eight percent of all malware infestations globally.

The worm spread as an attachment to an email with the subject line "230 dead as storm batters Europe". Once the attachment is opened it installs various components which cause the computer to join a botnet where it can be remotely controlled.

Another attack route is via infection-hosting websites offering free music from popular artists.

What is unusual is that control of the botnet is distributed. Each bot (member of botnet) only knows about a few others which means that there is no single machine which controls the entire botnet. This is how peer-to-peer file distributions systems like Limewire work although with different intent. As a result the botnet is extremely resilient and difficult to disrupt.

Most people won’t know that their computer is infected because Storm doesn’t have any noticeable performance impact on its hosts.

Estimates vary but there are figures that suggest between one and fifty million infected computers in September 2007.

Storm can prevent anti-virus programs from operating properly and the botnet even defends itself from investigation. Botnet researchers in California found themselves the victim of distributed denial of service attacks which shutdown their whole University’s access to the Internet.

I don’t know about you but I think this is terrifying.

And don't think that because you have Vista you will be safe either.

Very technical article by Joe Stewart discussing how Storm Works: Storm Worm DDoS Attack .

Here is a clear but technical article by Bruce Schneier discussing Storm: Gathering 'Storm' Superworm Poses Grave Threat to PC Nets .

Set as favorite

Bookmark

Email This

Trackback(0)

TrackBack URI for this entry