Thursday, October 25, 2007

The Storm Worm Botnet

What's the most powerful computer in the world? IBM's BlueGene/L supercomputer? Sort of.


The Storm of the Century
The world is abuzz with a new threat that's spreading over the Internet. The Storm Worm has infected more than a million computers and has now created a vast network of computers, or botnet (robot network), with the power to dwarf the world's fastest supercomputer, the IBM BlueGene/L. With the power of millions of computers, amounting to a million CPUs and petabytes of RAM, the worm could easily knock out a website or a server at the command of a single individual (the bot herder).

The Storm worm infects computers by tricking users into running it. It arrives as a seemingly harmless spam email attachment, with a message written to compel the user to open the attachment. This is also how the worm got its name: when it first appeared, the email message was about a storm in Europe, with a 'video' attachment of the event. The recipient may open the attachment hoping to see clips of the storm's devastation, but instead launches the virus.

Perhaps the most notable trait of the worm is that it changes the email message it sends. For example, the worm sent out spam emails containing advertisements for an anonymous-surfing internet browser called Tor, which is a genuine web browser. The email used actual text and images from the real Tor website. However, clicking the download link and installing the downloaded program (tor.exe) installs Storm. The worm has also sent fake e-greeting cards and, during the peak of the football season, emails with the teams' football scores as the attachment.
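Both lures described above, the 'video' attachment and the tor.exe download link, rely on the recipient trusting the label rather than the content. The following Python mail check is an added example, not code from the original post: it flags attachments whose bytes begin with the Windows executable header regardless of their name or declared type, and links that point at executables. The sample message, addresses, file names and extension list are constructed assumptions.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: extensions treated as directly executable on Windows.
EXEC_EXT = (".exe", ".scr", ".com", ".pif")
HREF_RE = re.compile(r'href=["\']([^"\']+)["\']', re.I)


def build_sample() -> bytes:
    """Constructed message: a 'video' attachment holding PE bytes, plus a tor.exe link."""
    msg = EmailMessage()
    msg["Subject"] = "Storm footage (constructed sample)"
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg.set_content("See the attached clip.")
    msg.add_alternative('<a href="http://example.com/tor.exe">Download</a>',
                        subtype="html")
    # "MZ" is the magic number that opens every Windows PE executable.
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="video",
                       subtype="mpeg", filename="storm_video.mpg")
    return msg.as_bytes()


def scan(raw: bytes) -> list:
    """Return (kind, name_or_url, content_type) tuples for suspicious parts."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        named_exec = name.lower().endswith(EXEC_EXT)
        if data[:2] == b"MZ" and not named_exec:
            # Content is an executable but the name and type claim otherwise.
            findings.append(("disguised-executable", name, ctype))
        elif named_exec:
            findings.append(("executable-attachment", name, ctype))
        if ctype == "text/html":
            for url in HREF_RE.findall(part.get_content()):
                if url.lower().split("?")[0].endswith(EXEC_EXT):
                    findings.append(("executable-link", url, ctype))
    return findings


if __name__ == "__main__":
    for finding in scan(build_sample()):
        print(finding)
```

A two-byte magic check is only a first-pass filter; a gateway would normally quarantine the flagged message for fuller inspection instead of deciding on this signal alone.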

Once Storm has infected a computer, it defends itself. If Storm is scanned or detected, it sends a message to some, or even all, of the botnet to send garbage to the victim. The stream of garbage is often enough to knock a website offline or take down the victim's internet connection. This is called a DDoS, or Distributed Denial-of-Service, attack. It is sneaky about it, too: the flood of garbage is not sent from within the network or from the same IP address, which makes the attack look like it came from somewhere else.

Storm became so popular that it even has a video on YouTube. Comments on the site even said the worm came from aliens and extraterrestrial life.

My advice: always have a good antivirus and firewall installed on your computer. Also, refrain from using older software, like Internet Explorer, Adobe Reader, or even WinZip, as the worm exploits the vulnerabilities in these old programs.

Story:
Copyright 2007 Sonicsoft Corporation
All Rights Reserved
