2008: Are you one of those people who
are getting several emails a day with "Journalists shot in Georgia"
in the subject line, and with a Georgia.zip file attachment? If so, don't open that that zip file,
because you are being probed by the Spawn of Storm. That's as in the Storm
computer virus, zombie computers and botherders.
the Storm virus (the first one to use this kind of news hook) last year with
There are several recent variants, like email alerts the appear to come from
MSNBC or BBC, many recent ones including a link to some Georgia or Olympics related
item. The original Storm virus was so named because the news hook was unusually
harsh Winter storms in Europe.
the publicity Storm got, and efforts to shut it down, the criminal gangs that
seek to grab control of your PC found that the Storm formula continued to work
if you just changed the news item. And so it came to pass that the spawn of
Storm mutated and continues to infect more PCs (usually with a trojan horse
program, that is used for things like DDOS attacks to shut down web sites in
The Storm computer virus had been spreading for
nearly two years now, grabbing control of PCs around the world. Storm was
believed to have infected millions of computers with a secret program that turned those PCs into unwilling
slaves (or "zombies") of those controlling this network (or botnet)
of computers. Many of you may remember
spam directing you to look at an online greeting card, or accompanied by pdf
files, or directing you to a site with pictures of a huge storm that hit Europe
a year ago (thus the name). That was Storm. When you try to look at the PDF
file, Storm secretly takes over your computer. But Storm tries very hard to
hide itself. All it wants to do is use your Internet connection to send spam,
or other types of malicious data.
Storm the perfect Internet weapon is how it has been designed to survive. The
Storm zombie does no damage to the PCs it infects, and simply sits there,
waiting for an order. Those orders come via a peer-to-peer system (similar to
things like Kazaa or Bittorrent). A small
percentage of the zombies spend short periods of time trying to spread
themselves, then turn off. This makes it more difficult to locate infected PCs.
Commands from the Storm operators are sent through several layers of zombie
PCs, again making it very difficult to identify where those commands come from.
Moreover, Storm operates as a horde of clusters, each of two or three dozen
zombie PCs. No existing methods can shut down Storm, although computer security
organizations have been able to limit the spread. In fact, all that will work to kill Storm is
to find the people running it, arrest them, and seize their access data. The
programmers who put Storm together know their stuff, and police in dozens of
country have cooperated to get their hands on them. The Storm owners were
traced to Russia, but the government blocked efforts to shut down the hacker
gangs are increasingly active in producing things like Storm, and, in the case
of China, so are government Cyber War operations. Russia is also believed to
rely on criminal hackers for help in carrying out Cyber War tasks, usually
espionage. Meanwhile, it's clear what Storm is up to. It has been launching
attacks at web sites involved in stopping or investigating Storm. This involves
transmitting huge quantities of bogus messages ,that shut down targeted web
sites (this is a DDOS, or distributed denial or service attack). The Storm
botherders are also advertising their botnet as available for the usual illegal
activities (various types of spam).
year, computer security researchers had an "oops!" moment when they
realized that their monitoring and investigative tools had led to
overestimating the size of the Storm botnet. Last year, it was believed that
the Storm botnet was the largest botnet ever seen. Because of that, it was
believed that the Storm network was capable of shutting down any military or
commercial site on the planet, or do some major damage in ways that had not yet
been experienced. There was the impression that there had never been anything
quite like Storm. But it turned out that Storm was only about a tenth of its
estimated size. That is, 200,000-400,000 zombie PCs. Still pretty formidable.
There are other botherds out there with 400,000 or more PCs, and they all are built
in a similar fashion to Storm. That's the scary part. Yes, Storm was not as big
as originally believed, but then it turns out that there are a dozen or more
Storms in the wild.
enemy of operations like Storm is the anti-virus software most people have installed on their
computers, and the computer security systems that are built into many
operations (especially Microsoft Windows). This security software is usually
updated automatically, and will not only detect Storm infections, but will also
clear them out (most of the time.) Most users have no idea that they were
infected by Storm, used as part of a botnet, then later disinfected.
Early on, it
was believed that Storm was owned by a
Russian criminal syndicate, but once more detailed proof was available, the
Russian government refused to cooperate, treating Storm like some kind of
secret military resources. And to the Russians, that's apparently what Storm
is. Meanwhile, the investigation indicates that the Storm crew have some
American members, and now the search is on for them, or any other non-Russians
who worked on Storm, and are not inside Russia.