Is anyone else starting to get concerned about the Storm botnet? The topic seems to have escaped mass-media interest, despite the malware first having cropped up in January this year. A number of factors make Storm very different from earlier outbreaks. Until now, worms spread as fast and as far as they could in order to gain maximum firepower and publicity before activating a payload, historically a DDoS attack. What makes Storm so dangerous is that it appears to be extremely well engineered. Once a Windows machine is infected, it silently joins the pool with no overt sign to the end user. The way it spreads also makes it hard both to detect and to counter: the code is repacked roughly twice an hour, so signature-based scanners are always a step behind, and the social-engineering lures keep evolving. Users have been baited with offers of free music and with emails purporting to be emergency notices of a dangerous weather front in Europe; the name of the worm comes from those initial emails.
Each infected node communicates with the others over a purpose-built peer-to-peer network rather than through a single central server, and each node can function independently if it needs to, so there is no single command server to take down. It is hard to estimate how many infected clients there are worldwide; estimates vary wildly, from 50 to 70 thousand to anywhere between 1 and 50 million. Think of the bandwidth this worm now has available and how devastating a DDoS from it would be. In past DDoS attacks, when not virus related, the traffic came from a fairly narrow range of IPs, allowing the targeted systems to block whole provinces or even continents of address space. While that rendered the site completely inaccessible to genuine users in those areas, it at least let the site keep serving the rest of the globe. With Storm there does not appear to be a way to defend against an onslaught of such scale, given the worldwide distribution of infected clients. Worryingly, the botnet has not yet been very active: experts estimate it is running at around 10% of capacity, with a small number of nodes (tens of thousands only) spreading the infection and the others either dormant or sending spam. It is conceivable that over ten billion spam messages have already been sent. There are also signs that the botnet has retaliated against efforts to halt its progress, with several sites either being hacked or suffering DDoS attacks.
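The point about IP-range blocking above can be made concrete. The following Python script is an added example and not part of the original post; the log lines, addresses and the two flood patterns are constructed here for illustration. It aggregates attacking sources by /16 prefix, blocks the busiest prefixes, and reports how much of the flood that stops and how many legitimate users it cuts off, once for a flood from a narrow source range (the older pattern) and once for a flood spread across many networks (the Storm pattern).

```python
"""Added example: how much of a flood can IP-prefix blocking stop?

All data here is constructed. Two synthetic floods are compared: one from
a narrow source range and one spread across many networks. For each, the
busiest /16 prefixes are blocked and the trade-off between attack traffic
stopped and legitimate traffic lost is measured.
"""
import ipaddress
import re
from collections import Counter

# Constructed log format: "src=<ip> label=attack|legit"
LINE_RE = re.compile(r"src=(?P<ip>[\d.]+) label=(?P<label>attack|legit)")


def parse_log(lines):
    """Yield (ip, label) pairs from the constructed log lines; skip malformed ones."""
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            yield m.group("ip"), m.group("label")


def prefix_of(ip, bits):
    """Collapse an address to its /bits network, e.g. 203.0.113.5 -> 203.0.0.0/16."""
    return str(ipaddress.ip_network(f"{ip}/{bits}", strict=False))


def blocking_effect(records, bits=16, top_n=2):
    """Block the top_n prefixes by attack volume and report what that achieves."""
    attack = Counter()
    legit = Counter()
    for ip, label in records:
        (attack if label == "attack" else legit)[prefix_of(ip, bits)] += 1
    blocked = {p for p, _ in attack.most_common(top_n)}
    attack_stopped = sum(attack[p] for p in blocked) / max(1, sum(attack.values()))
    legit_lost = sum(legit[p] for p in blocked) / max(1, sum(legit.values()))
    return {
        "blocked": sorted(blocked),
        "attack_stopped": attack_stopped,
        "legit_lost": legit_lost,
        "distinct_attack_prefixes": len(attack),
    }


# Constructed traffic. Legitimate users sit in 20 different /16s of 10.0.0.0/8.
LEGIT = [f"src=10.{i % 20}.0.{1 + i % 250} label=legit" for i in range(100)]
# Narrow flood: 200 hits from just two /24s (the pre-Storm pattern).
NARROW = [f"src=203.0.113.{i} label=attack" for i in range(100)] + \
         [f"src=198.51.100.{i} label=attack" for i in range(100)]
# Distributed flood: 200 hits, each from a different /16 (the Storm pattern).
# 7 is coprime to 223, so the first octet is distinct for every i < 223.
DISTRIBUTED = [f"src={1 + (7 * i) % 223}.{(13 * i) % 256}.1.{1 + i % 250} label=attack"
               for i in range(200)]


def compare():
    """Run the same blocking policy against both floods."""
    return {
        "narrow": blocking_effect(parse_log(LEGIT + NARROW)),
        "distributed": blocking_effect(parse_log(LEGIT + DISTRIBUTED)),
    }


if __name__ == "__main__":
    for name, result in compare().items():
        print(name, result)
```

Blocking two /16s stops the whole narrow flood with no collateral damage, but stops one percent of the distributed one; raising the prefix count only trades more legitimate users for marginally more attack traffic, which is exactly the defender's problem the post describes.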
Whilst I do not wish this post to sound like I am scaremongering for the sake of a post, I am genuinely concerned at the lack of public knowledge / media attention on this matter. Whilst a Google search for 'Storm Botnet' will yield a fair amount of information, a conversation with several of my informed friends revealed very little in the way of awareness. Certainly for me, a botnet with purportedly enough power to wipe countries off the Internet is a cause for concern, as it should be for every Windows PC user.
Posted by Konrad at 11:52 AM
Categories: news, other