November 2, 2007
 A Storm is brewing
Jason is a writer and web-designer for Rogers. He's still running Windows XP, but only because "Hello Kitty Island Adventure" doesn't run under Vista.
The e-mail message probably looked like any other message that you get from one of your friends. "230 dead as storm batters Europe" it read, and there was a video attached.
Pray you didn't watch it.
The video is not a video. The "video" is a file that contains one of the slipperiest and most tenacious viruses the online world has ever seen: The Storm Worm.
So what is the Storm Worm, and what makes it so special? The Storm Worm is a collection of virus technologies. It doesn't do anything new, but rather does a number of old things together, and very well, and that is what makes it so difficult to pin down.
Viruses, trojans and bots, oh my!
Malware is any kind of software that has a malicious purpose, and all viruses, worms, bots and Trojans fall into this category, but each is different.
A virus is a program that attaches itself to another computer program, like a word processor or even the operating system itself, and then erases or damages files on that computer.
A worm is basically a network virus. Like a virus, a worm will try to replicate and spread itself, but a worm doesn't need to attach itself to another program, and is more harmful to a network itself as opposed to the individual computers on it.
A bot (short for robot) is a program that installs itself on your system and then attempts to establish communication with its creator or other computers. This is done invisibly and can result in your computer being used for activities such as sending spam email without your knowledge. A collection of many computers connected together through bots is called a botnet, and each computer on the botnet is known as a zombie.
A Trojan horse is more a method of delivery. It describes viruses, worms or bots that arrive by email, sometimes from friends, and entice you into opening them, at which point they install themselves without your knowledge. A good example is the email offering free screensavers with the "screensaver.scr" file attached. Are there really screensavers in that file? I'm betting no.
The Storm Worm mimics aspects of all of these. Like a virus and a worm, it attempts to spread and replicate itself; it uses a Trojan horse style of delivery to install its payload, which is a bot that attempts to establish control of the target computer and turn it into a zombie. As soon as you decided to watch that video, you turned your computer into a tool that's working for someone else behind your back.
The biggest difference between Storm and most other bots is that there is no central control computer. The botnet created by Storm acts more like a peer-to-peer network, making it very difficult to find the creator, or even determine the size of the botnet. Some have speculated that there are between 1 and 10 million computers infected by Storm - all connected and communicating together without their owners' knowledge. Do you want your computer to be part of an invisible network that sends out spam for cheap pharmaceuticals? I didn't think so.
Don't get bitten...
So what can you do to find out if you have the Storm Worm, and if you do, get rid of it? And how can you keep from getting it in the future?
Any reputable anti-virus software should be able to find and remove Storm, but it's vitally important to make sure you have up-to-date virus definitions. Like a real virus, the Storm Worm is mutating - some say as often as every 30 minutes - so if you don't have the latest virus definition files for your anti-virus software, it can't do its job properly.
If you don't trust your anti-virus software and want to be absolutely sure, or just want to try manual detection and disinfection for kicks because that's how you roll, check out the F-Secure page on the Storm Worm. There's a lot of great information there along with manual detection and disinfection tools. Be careful, though: the procedures aren't for novices.
The most important thing to remember, and I can't stress this enough, is to always be careful when reading e-mail:
1. Turn off any preview panes that automatically display an e-mail message when you click on its subject line.
2. If you don't know the sender, don't open the message, let alone any attachments.
3. Even if you know the sender of a message, always use your anti-virus software to scan any attachments. Never trust that they're safe to open.
We email users complain about spam, but we need to do our part to help curb it by using email more responsibly. The fewer computers that become infected with bots like these, the fewer computers there will be to send out spam messages in the first place. Keep your anti-virus software up to date, scan your email attachments and use a little common sense, and not only will you keep your own computer safer and more secure, you'll be helping to make the Internet a little better for you and everyone else.