Storm worm botnet threatens national security?

TOPICS: Malware, Security

In just eight months the Storm worm has infected more than 20 million computers and built a zombie army -- or botnet -- capable of launching DDoS attacks that could be used against any organisation or even damage critical infrastructure, according to security experts.

The Storm worm was first seen in January of this year. Initially the worm spread as an executable file attached to an e-mail disguised as an electronic greeting card. However, Storm has constantly changed its tactics and was recently caught fooling victims into clicking on links that lead them to an infected file.

According to antivirus firm Sophos, almost seven percent of all spam last week seemed to be related to Storm worm activity -- much of it greeting card related. The United States Computer Emergency Readiness Team (US-CERT) last week warned Web users about the Storm worm which, it said, is "currently on the rise".

The Storm worm's build-up has concerned managed service security vendor SecureWorks, which recently speculated that the computers under Storm's control could be used to bring down virtually any online property.

The company has reported that in the four months leading to August 2007, Storm worm infections increased from 71,342 to over 20 million.

IBRS security analyst James Turner said the Storm worm worked by changing its configuration through peer-to-peer networks rather than an IRC channel, and that its distributed nature would make the resultant botnet particularly difficult to contain.

Joe Stewart, senior security researcher for SecureWorks, said: "We don't know the motive of the Storm author; however ... it could be that the hacker is rapidly building up the botnet so it can be leased to other hackers so that they can launch massive attacks against whatever target they choose: an organisation, country, etc."

Is Storm the weapon of cyberwarfare?

Alexander Gostev, senior virus analyst at Kaspersky, said that international disputes are spilling over to the Internet, which means world leaders, for the first time, are seriously discussing the possibility of a "cyberwar".

Cyberwars between countries, which involve only Internet-based attacks on critical infrastructure and government services, could be waged using malware such as the Storm worm, according to experts who analysed the recent DDoS attacks on Estonia.

Internet attacks are not recognised by NATO as a form of military action and therefore cannot be used as a justification for a military response. However, this April, Estonia experienced a series of massive distributed denial-of-service (DDoS) attacks on its government Web sites.

The attacks seemed to follow a decision to remove a monument dedicated to Soviet soldiers. Over the next two weeks 128 DDoS attacks were unleashed on Estonia's police and government Web sites, which also affected its Internet services.

The Estonians accused the Russian Government of using its notorious secret service to launch the cyber attack.

This may not be the first time international disputes have resulted in attacks on government Internet services but, according to Kaspersky's Gostev, this was the first time a government has accused another of cyberwarfare.

In the hope of roping in its NATO allies, the Estonian Minister of Defence, Jaak Aaviksoo, called on NATO to amend its agreement on military protection to recognise the attack as a form of military action or "cyberwar".

The Estonian Government was ultimately unable to prove its claim that one of the several attacks could be traced back to a Russian government IP address, but Gostev said this result is not surprising: the problem with the notion of cyberwar is that it is very difficult to prove.

Gadi Evron, an Israeli security expert who conducted a post-mortem on the Estonian attacks, said: "I don't think it was Russia, but how do you prove that? The Internet is ideally suited for plausibly refuting anything."

Kaspersky's Gostev said the DDoS attack may have been the result of malware that was distributed to thousands of impassioned citizens-cum-voluntary cyber soldiers to launch an attack against an opposition government.


Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full time freelance technology journalist who writes for several publications.
