Worm worries

Wired: Nobody quite knows what threat the Storm Worm offers to the innocent users and the overall stability of the Net. We know a few things: we know that the Worm sneaks its way into computer users' PCs by masquerading as an innocuous e-mail attachment, writes Danny O'Brien.

Once it's clicked upon, it squirrels away in the depths of the machine unnoticed, commandeering the machine for use by cyber-criminals.

Because of the way Storm is engineered, we don't know much more than that. It has no central controller, and accepts new commands by receiving them from its Storm-infected peers. New Storm payloads are verified by cryptographic signatures, so no one else can fake being Storm's master - but neither can anyone discover what the identity of this sinister figure might be. Analysts suspect Russian criminal gangs.

Whoever it is, they have wielded, and perhaps still do, a terrifying arsenal of computer power. Estimates of the maximum extent of the Storm Worm "botnet" (a network of remotely-controlled "robot" PCs) have varied from two million to 10 million. The full capacity of each one of those machines could, if Storm's controllers wanted, be used for any task.

Security professionals point out that Storm's captive processor power could be included in the top 10 list of the world's most powerful supercomputers; at full strength, it might even have had more power than the top 10 computers combined.

It's a little hard to imagine petty criminal acts that you could do with such a monster device, which may explain why the Worm has subdivided itself over time. Now different parts of the network respond to different commands, implying that its owners are parcelling it out to other buyers.

As so often is the case with criminal escapades, Storm has been put to rather unimaginative uses so far. Worm-infected computers act as spam-relays for stock market scams; they also spend much of their time trying to infect other machines with the same Storm code.

A few more sinister applications have been spotted: researchers have noted that those who probe too carelessly into the command structure of the Storm Worm receive a swift punishment.

Parts of the network are told to conduct "distributed denial of service" (DDoS) attacks on the researchers' computers, essentially forcing them off the internet by drowning their upstream connections with too much data.

Even as I write this, I'm aware of how Nineties Corny Cyberpunk Tech Drama it sounds. A supercomputer that defends itself from attack?

Russian gangs attempting control of millions of users on the Net? Despite the concerns of those charged with defending the Net, Storm seems happy to sit siphoning off millions from the pettiest of crimes.

The latest news is that the Storm is breaking: patches from Microsoft and fast-acting anti-virus software are containing its spread. Of course, without more serious attempts to fix the security problems in Microsoft and other software, we can only wait for the next warning.

What's fascinating to me about this whole story is seeing just how much Storm was doing, and could have done, with collections of humble home computers. At various points, the Worm would send out e-mails to millions of others, linking them to websites that offered the payload.

The e-mails were sent out by home machines. The websites were hosted on home machines. Even the domain names were created and managed by home machines, acting independently to spring up thousands of impostor websites, and then flicking them quickly between Storm-infected hosts so that anti-spam software couldn't blacklist them.

Mailing, website hosting, domain name management, collective processing, file distribution - all from your own PC and friends. It reminds me of what the promise of the Internet was, originally: not as a network where your PC was a dumb browsing device, but where it was an equal player among all the other nodes of the Net.

Just like the Storm creators, we can do all of these things for free from our home PC - and we can do it legally, because we bought those computers and paid for our bandwidth. And yet our desktop software fails us; we end up giving webhosting companies, software and Web 2.0 companies our advertising attention and our subscriptions to outsource this work to their server farms.

Why is it that the Storm criminals make better use of the edges of the Internet than we do? Why is there all of this fallow processor power waiting for them to plunder? Why can't I use my computer as efficiently for my gain as a stranger can use it for theirs?

Criminals are very good at finding the loopholes, the strategic errors, the gullible mistakes we all make, and taking advantage of them to squeak an extra penny or two for themselves. Perhaps the best way to stop such criminals exploiting innocent Net users is for us to realise that the current system exploits them too: hiding from them the power that they have at their very fingertips.