A Storm Rages
Sunday, January 21, 2007
(Don't think that I've been remiss in not keeping this blog updated -- after writing a magnum opus of a post, I had to scrap it to protect the security of some of the sites mentioned. When the bad guys are willing to do anything to keep the cash flowing, sometimes discretion truly is the better part of valor).
The malware story to beat lately has to be the Storm Worm. This bad boy has gone from initially being a dangerous trojan with some limited spreading capabilities (here), to a zombie-creating bot with massive spreading tactics (here and here), all the way to its current version, complete with kernel-mode rootkit and the aforementioned Botnet-creation capabilities (here and here). It's worth noting that the Botnet created is a P2P Botnet with a decentralized Command and Control (C&C) structure, making it much harder to simply knock out the C&C Server and watch the cards fall, Shadowserver-style.
And the speed at which this monster is spreading is rather impressive. Consider F-Secure's video of client detection locations:
I doubt it's slowed down all that much, either, if at all. All the programs are named with astounding headlines ("First Nuclear Act of Terrorism," for example), and we're one big, happy world of media-crazed, double-click-any-attachment-regardless-of-common-sense people, right? Someone's Botnet must be getting a heck of a lot bigger...
"All the better to DDoS you with, my dear."
Regards,
David
posted by David @ 9:49 PM