Storm Worm ?

John Teller jsteller at
Tue Oct 16 21:28:47 CDT 2007

It's a typical bit of yellow journalism, filled with phrases like "it is 
nearly immune to defense, suppression, or eradication", which only serve 
to increase the reader's fear factor purely for the author's benefit.  
It reads like a freshman term paper - the author's use of made-up words 
like "Superempowerment" and stumbling syntax make it hard for me to 
believe he is doing any more than regurgitating a bunch of poorly 
researched buzz words.

This trojan is not new - it's at least 10 months old.  The ability to 
change itself in order to disguise its whereabouts has been standard 
practice since the Brain virus, which made its debut back in 1985.  It 
is not undetectable, as it mucks about with the registry and a couple 
.ini files in order to keep track of what's running and victims of its 
DDoS attacks.  It uses standard spam/phishing techniques in an attempt 
to distribute itself to as wide an audience as possible.  In short, 
there's nothing new about it - certainly nothing that would induce any 
reasonably informed reader to panic.  The only item of note is that it 
seems to be written by someone with a modicum of ability in the coding 
arena.  For instance, its management of the resources it consumes on the 
host computer in order to maintain a low profile until activated shows 
some careful thought went into its design.  Also, it takes advantage of 
some of the DNS and P2P tricks botnet operators use to hide their 
control servers, which shows its creators are up on the current state of 
the art.  But the main reason for its success is that the operating 
system it parasitizes is not only the world's most popular, it is also 
the world's most vulnerable.

--- JST

Andre Kesteloot wrote:
>     From "Global Guerillas"
> Gang,
> Comments ?
> 73
> André N4ICK
>     *************************

More information about the Tacos mailing list