Storm - Viruses Part 2
In last week's article we looked at some of the most powerful viruses of the past decade. Continuing with the virus theme, this week we will talk about a worm called 'Storm'. It has to be said that I am extremely impressed by the strength and capability of this worm. Obviously, as it has not been created for a good cause, I am only impressed in a disdained fashion. Nevertheless, I believe this worm is worthy of its own article.
The Storm Worm was discovered on January 17th 2007, when it began infecting thousands of computers using an e-mail message with the subject line "230 dead as storm batters Europe". After just six waves of attack, the Storm Worm accounted for 8% of all infections globally. Throughout its life the worm has continued to infect people primarily in the same fashion: by sending e-mails with catchy subject lines that get recipients to open an executable attachment (opening executable attachments is NEVER a good idea).
The rather unbelievable and arguably impressive part begins once a machine has been infected. Unbeknown to the user, the machine makes itself part of the Storm botnet: a network of remotely controlled "zombie" computers that have been infected by the Storm worm. Once it has been made part of the botnet, an infected machine can be told to carry out commands given by the authors. Worryingly, security analysts still have no idea of the country of origin.
Some have estimated that as many as 1 to 50 million infected computer systems comprise the network; however, one network analyst who claims to have developed software to crawl the botnet estimates a more conservative 160,000 machines.
This network has been known to participate, collectively, in a number of criminal activities, from gathering user data to attacking websites and forwarding the e-mail on to more potential victims. It is estimated that approximately 5,000 zombie machines are dedicated to passing the e-mail on, with a record 57 million messages estimated to have been sent on August 22nd 2007 alone. The worm automatically re-encodes the infection software twice an hour in order to avoid detection by anti-virus scanners. This means that there are many different variants of the same worm.
The system itself works on a peer-to-peer basis (such as that employed by file-sharing applications), so that externally monitoring the system and bringing down the network is made next to impossible; the machines all talk independently of a centralised server, so there is no one point of contact that can be targeted. The remote servers which control the botnet are also hidden behind a constantly changing network of proxies and DNS (Domain Name System) address changes. The network has also shown signs of intelligent defensive behaviour. Whilst it is unknown whether these responses are automated or human controlled, security operators who have tried to probe the network have instantly been punished with a consolidated DDoS (Distributed Denial of Service) attack from the network, which instantly cripples them.
The overall power of the network cannot be accurately estimated, but if we work on a relatively conservative assumption that there are one million zombie machines (with broadband connections) being controlled from one source, then the potential combined computing power and Internet bandwidth is quite staggering. If a network such as that created by Storm can exist using such a simple method of infection as an executable e-mail attachment, then we could be in real trouble in the future should the method of infection become more advanced and require no user interaction, such as that employed by the Sasser worm which we covered last week.
by: Chris Holgate