Webeye

November 29 2007 – The Storm Botnet

In Elseware on November 29, 2007 at 8:23 pm

Don’t look now, but in the corner of the room there may be a zombie, just waiting to do what his bokor, or master, bids. It is not a reanimated person, but your computer. The latest great threat to the Internet is a virus that takes control of your computer.

The idea of a virus that spreads by email and takes infected computers under its control is not new. The Storm Worm, which began infecting computers sometime in January 2007, has been exceedingly successful at it. No one knows how many computers Storm controls, but guesses range from 1 million to 50 million, or more. There are so many that their combined computing power is estimated at more than that of the biggest, fastest supercomputer in the world. This collection of controlled computers is known as a botnet.

It all starts with an email arriving in your inbox. The subject line may seem very real, relevant, or even enticing. The subject changes, and has ranged from “A killer at 11, he’s free at 21 and kills again!” to “Fidel Castro dead”. Recently the emails have been offering free mp3s from Britney Spears, The Eagles and others. Lurking in the emails is a nasty little program that installs itself on your PC. The first thing the program does is run through your email address book, sending emails to everyone in order to spread itself. Now your computer is a zombie.

You may notice the PC runs a lot slower than normal. That’s because your processor is being used to send thousands of spam emails. Maybe it is part of a distributed denial-of-service (DDoS) attack on a business or government computer. DDoS is where millions of requests are sent to a computer acting as an Internet server. This volume of requests, all received at once, blocks real requests from getting through, and eventually causes the server to fall over. This sort of attack was used recently against Estonia. You may end up paying for extra bandwidth because of the increased traffic.

The Storm Worm is described as being “patient, resilient, adaptive and invisible”. In an attempt to thwart detection, it evolves every 30 minutes, making it difficult for virus detection software to find it. When researchers discover the servers that control the botnet, the researchers’ own computers become the victims of DDoS attacks, making it difficult for them to continue their research.

Rumours claim the enterprise is being offered for sale or rent to the highest bidder, either in whole or in part. Whatever happens, it’s scary. I imagine that the “owners” of the Storm Botnet are not worried who buys, as long as they get paid.

The main problem is that Windows is inherently insecure. This means that users end up paying extra for virus scanning software. This software must then be kept up to date by downloading the latest virus signatures. If you want to make sure that your PC is not a zombie, update your virus signatures and do a scan. Sometimes it may pay to do a complete re-install of Windows, and then install a firewall and a virus scanner.

A switch to an alternative operating system, such as Apple OS X or Linux, would make it more difficult to become infected. Even these are not completely immune; there have been some rare reports of virus attacks on them.

In the end, responsibility rests with you, the user, to be more aware of the consequences of having an unprotected system, and of the effect that it has on everyone else connected to the Internet.