Storm worm comes much more refined
The new features in the Storm worm botnet are able to beat security defenses by launching denial of service attacks when the defenses try to prevent the botnet's operation.
The worm is capable of identifying users who try to investigate its control and command servers and it fights back by attacking them with DDoS operations that stops them from accessing the Internet for several days, according to Josh Korman who is the architect of host protection for IBM/ISS. Korman also steered a session on Internet threats attacking networks, at the Interpol conference in New York during the week of October 22, 2007. PCWorld published this in news on October 25, 2007.
An issue that remains unclear is whether these counter attacks take place automatically from the corrupt system or botnet herders launch them manually. However, one thing is clear that the malware behind the malicious operation is evolving.
The latest development in the worm is that instead of disabling the anti-virus programs, the malware sweeps past under the radar of the security defenses without being detected. That means although the anti-virus runs, it does nothing, Korman explained. The Register published this in news on October 25, 2007.
The Storm malware first came on the scene in early 2007, concealed in attachments within e-mails that displayed the subject title as "230 dead as storm batters Europe". Those users who clicked on the attachment had their computers infected and added to the continuously expanding network of zombie PCs known as a 'botnet'.
Meanwhile fraudsters have stepped up their tactics during the past few months. For instance some e-mails pushing the malware carry fake YouTube links. In other cases, hackers have used the worm to lead users to malicious websites via login verification spam or phony e-greeting cards. In all the cases the method of attack is more or less same.
Recently the Storm worm has been interrupting applications as they start up, or just cause them to shut down.
Korman thinks the malware is getting increasingly serious not as in its current form but where it is heading to. PCWorld published this in news.
Related article: Storm Worm Returns with Follow-Up Attack
» SPAMfighter News - 13-11-2007