The Storm Worm turns one year old.

30 January 2008

The Washington Post ran an interesting article about two weeks ago on the one-year anniversary of the Storm Worm botnet agent, possibly the most successful and virulent piece of malware yet released on the Net. (Storm first showed up on 17 January 2007, riding e-mails whose subject lines referred to the deadly storms then battering Europe, which is where the name comes from.) The Storm Worm beastie is unusual in that the botnet is a decentralized collective: the infections don't all report in to a single command-and-control channel but instead talk to each other over a peer-to-peer protocol (a variant of Overnet, the Kademlia-based protocol used by the eDonkey network), so the botnet can't be killed by taking down a single server. It is also interesting because updates are periodically pushed out to the infected agents in the field, sometimes several times a day, and these binary modules upgrade, replace, or add functionality. While the Storm botnet is a formidable threat to information security, it is by no means unstoppable: the same peer-to-peer design that denies defenders a single server to seize also means that anyone who implements the protocol can join the network as a peer and observe what it is doing.

It's also come out that one Dmitri Alperovitch, Director of Intelligence Analysis and Hosted Security at Secure Computing of San Jose, California, is working with federal law enforcement officials on this case. They think they've figured out who was responsible for the development of the Storm agent, and are now trying to figure out how to bring the developers to justice. It isn't looking good (or even likely), because Russian law enforcement refuses to play ball with US law enforcement. There are rumors floating around that the Russian government (which has its share of ex-KGB agents who've come in from the Cold War) is actively protecting organized crime outfits, among them the crew that developed Storm, for any number of reasons, chief among them the fact that organized crime is probably propping up a fair whack of the Russian economy (or so the rumors go).

As with most attacks originating outside the country, regrettably, it doesn't look like the long arm of the law will reach far enough to nab the perpetrators.