Storm Worm ?
jsteller at spottydog.us
Tue Oct 16 21:28:47 CDT 2007

It's a typical bit of yellow journalism, filled with phrases like "it is
nearly immune to defense, suppression, or eradication", which only serve
to increase the reader's fear factor purely for the author's benefit.
It reads like a freshman term paper - the author's use of made-up words
like "Superempowerment" and stumbling syntax make it hard for me to
believe he is doing any more than regurgitating a bunch of poorly
researched buzz words.

This trojan is not new - it's at least 10 months old. The ability to
change itself in order to disguise its whereabouts has been standard
practice since the Brain virus, which made its debut back in 1985. It
is not undetectable, as it mucks about with the registry and a couple
.ini files in order to keep track of what's running and victims of its
DDoS attacks. It uses standard spam/phishing techniques in an attempt
to distribute itself to as wide an audience as possible. In short,
there's nothing new about it - certainly nothing that would induce any
reasonably informed reader to panic. The only item of note is that it
seems to be written by someone with a modicum of ability in the coding
arena. For instance, its management of the resources it consumes on the
host computer in order to maintain a low profile until activated shows
some careful thought went into its design. Also, it takes advantage of
some of the DNS and P2P tricks botnet operators use to hide their
control servers, which shows its creators are up on the current state of
the art. But the main reason for its success is that the operating
system it parasitizes is not only the world's most popular, it is also
the world's most vulnerable.

Andre Kesteloot wrote:
> From "Global Guerillas"
> Comments ?
> André N4ICK