EUIST


CyTRAP Labs forecast about malware – cyber immunodeficiency virus (CIV) the digital version of HIV?

November 14th, 2007

Related stories:

Biological viruses make us sick – how they differ from the digital menace

We should be careful about malware and how it is developing
The Storm worm can be compared to a disease. Like the human immunodeficiency virus (HIV), its symptoms may be mild or disappear altogether for a period of time; unfortunately, they can eventually come back, and the patient is then found to have acquired immunodeficiency syndrome (AIDS).
Below we use the Storm worm to illustrate what the internet has in store for you, and where we are heading with the cyber immunodeficiency virus type of malware.

Some people call the Storm worm a Trojan horse, others say it is a worm. However, most people agree that it creates botnets, especially of the fast-flux type (many compromised hosts rotated behind one domain name, with DNS answers that change every few minutes). This is explained in more detail here: malware – worm called storm 1

malware – worm called storm 2
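The fast-flux behaviour mentioned above can be spotted passively from repeated DNS lookups of a suspect hostname. The script below is an added example (not code from CyTRAP Labs or the original post) that scores a series of lookup results on the three features a fast-flux detector looks at: how many distinct addresses the name resolves to, how many unrelated networks those addresses fall in, and how short the TTLs are. All lookup data is constructed, RFC 1918 addresses stand in for the residential broadband IPs a Storm-style network would return, and the thresholds are assumptions chosen for the example.

```python
"""Passive fast-flux check over repeated DNS lookups of one hostname.

Added example, not from CyTRAP Labs. A fast-flux botnet advertises a large,
rotating pool of compromised machines behind one name, so repeated lookups
return short-TTL answers pointing at many different addresses spread over
many unrelated networks. Low TTL alone is not enough evidence: content
delivery networks use short TTLs too, but their addresses cluster in a few
prefixes. The thresholds below are illustrative assumptions, not measured.
"""
from ipaddress import ip_address, ip_network


def summarize(lookups):
    """Collapse a list of (seconds_since_start, ttl, [A records]) into the
    three features a fast-flux heuristic looks at."""
    addrs, nets, ttls = set(), set(), []
    for _ts, ttl, answer in lookups:
        ttls.append(ttl)
        for a in answer:
            ip = ip_address(a)
            addrs.add(ip)
            # A /16 stands in for "the network the host lives in"; a real
            # detector would map each address to its ASN instead.
            nets.add(ip_network(f"{a}/16", strict=False))
    return {
        "distinct_ips": len(addrs),
        "distinct_slash16": len(nets),
        "mean_ttl": sum(ttls) / len(ttls),
    }


def is_fast_flux(lookups, min_ips=8, min_nets=4, max_ttl=900):
    """True when the answers rotate through many IPs in many networks with
    short TTLs. All three conditions must hold, so a CDN (short TTL, few
    networks) and a static host (one IP, long TTL) are both rejected."""
    s = summarize(lookups)
    return (s["distinct_ips"] >= min_ips
            and s["distinct_slash16"] >= min_nets
            and s["mean_ttl"] <= max_ttl)


# Constructed lookups: (seconds since start, TTL in seconds, A records).
# Flux-style: every answer is a fresh set of hosts from unrelated networks.
FLUX_LOOKUPS = [
    (0,   300, ["10.12.5.9",   "10.77.140.2", "10.201.33.18"]),
    (300, 300, ["10.45.9.77",  "10.12.88.3",  "10.150.2.201"]),
    (600, 300, ["10.99.61.4",  "10.201.7.7",  "10.33.250.12"]),
    (900, 300, ["10.77.8.19",  "10.8.8.8",    "10.45.200.1"]),
]
# CDN-style: short TTL, but the addresses stay inside two prefixes.
CDN_LOOKUPS = [
    (0,   60, ["10.20.1.1", "10.20.1.2"]),
    (60,  60, ["10.20.1.3", "10.20.1.4"]),
    (120, 60, ["10.21.5.1", "10.21.5.2"]),
    (180, 60, ["10.20.1.1", "10.21.5.3"]),
]
# Ordinary host: one address, day-long TTL.
STATIC_LOOKUPS = [
    (0,    86400, ["10.5.5.5"]),
    (3600, 86400, ["10.5.5.5"]),
]

if __name__ == "__main__":
    for name, data in (("flux", FLUX_LOOKUPS), ("cdn", CDN_LOOKUPS),
                       ("static", STATIC_LOOKUPS)):
        verdict = "fast-flux" if is_fast_flux(data) else "not fast-flux"
        print(f"{name:7s} {summarize(data)} -> {verdict}")
```

Two practical notes: the lookups should come from your own resolver logs or a passive DNS feed rather than from probing the returned hosts, because (as the conclusion below describes) the Storm network answers scanning with a denial-of-service attack; and a CDN is only told apart from a flux network by the prefix or ASN diversity, which is why the TTL check is never used on its own.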

WHAT IS THE STORM WORM TEACHING US

Unfortunately, we do not have a good idea how to eliminate this menace: the Storm worm has been around for more than a year and the anti-virus vendors are still battling it.

Inoculating each home or corporate user's machine individually is too cumbersome, too costly and probably not viable. Even the Cyber Clean Center, Japan's service for home users, might not be able to cope with the number of systems that participating ISPs would have to quarantine in case of a massive Storm worm attack:

4 user empowerment and botnets – Japan’s Cyber Clean Center – a pragmatic approach

In fact, once an infected computer is cleaned, Storm's creator(s) can easily release a new variant (see also NOAH, the European Network of Affined Honeypots research project).

Users will probably not be very successful in keeping themselves from opening attachments that look authentic (e.g., a business letter attached as a PDF file, apparently sent by a business associate) without first checking with the supposed sender whether he or she really sent it.

And Windows Vista does not make things look any brighter. At this stage, experts have no remedy or inoculation against something similar to the Storm epidemic, nor does anybody seem to know exactly who the culprits are, beyond some speculation.

And while the Storm worm seems to be doing little beyond promoting some scams through its spam mechanism, what do its creators plan for phase 2?

CONCLUSION

Storm-Worm is yet another example of the latest email-borne malware trend. It has all four characteristics of well-established server-side polymorphic malware, plus one self-defense mechanism:

1. Storm-Worm is a massive outbreak that continuously hits for weeks, uninterrupted

2. Storm-Worm uses a vast number of distinct malware variants

3. Each Storm-Worm variant circulates in low volume

4. Storm-Worm variants are short-lived and hardly ever recur

On top of that:

5. The Storm network has a built-in self-defense mechanism, a sort of digital booby trap: it is designed to launch a massive denial-of-service attack against any Internet address it identifies as the source of scanning activity (probes intended to detect irregular network activity).
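Characteristics 2 to 4 are exactly what defeats per-file signatures: by the time a vendor has a hash or signature for one variant, that variant is no longer being mailed. The script below is an added example, not from CyTRAP Labs or the original post, that measures those properties on a constructed log of attachment sightings and then computes how many sightings a per-hash signature would actually have blocked if each signature becomes effective some hours after its variant is first seen. Variant names stand in for attachment hashes; the sighting logs and the signature lags are assumptions for the example.

```python
"""Why per-hash signatures fail against server-side polymorphism.

Added example, not from CyTRAP Labs. Input is a log of (hour, variant_id)
attachment sightings. variant_stats() maps onto characteristics 2-4 above
(many variants, low volume each, short-lived); signature_coverage() shows
the consequence for a defender who can only block a variant once it has
been seen and a signature has been produced and distributed.
"""
from collections import defaultdict


def variant_stats(sightings):
    """Number of distinct variants, sightings per variant, and mean lifetime
    (hours between first and last sighting of a variant)."""
    hours_by_variant = defaultdict(list)
    for hour, variant in sightings:
        hours_by_variant[variant].append(hour)
    lifetimes = [max(h) - min(h) for h in hours_by_variant.values()]
    return {
        "variants": len(hours_by_variant),
        "mean_sightings_per_variant": len(sightings) / len(hours_by_variant),
        "mean_lifetime_hours": sum(lifetimes) / len(lifetimes),
    }


def signature_coverage(sightings, lag_hours):
    """Fraction of sightings a per-hash signature would have blocked, assuming
    the signature for each variant becomes effective lag_hours after that
    variant's first sighting (the signature lag is an assumed parameter)."""
    first_seen = {}
    for hour, variant in sightings:
        first_seen[variant] = min(hour, first_seen.get(variant, hour))
    caught = sum(1 for hour, v in sightings
                 if hour >= first_seen[v] + lag_hours)
    return caught / len(sightings)


# Constructed log: six variants, each mailed three times within two hours
# and then retired, i.e. a Storm-style server-side polymorphic campaign.
STORM_LIKE = [(3 * i + k, f"variant-{i}") for i in range(6) for k in range(3)]

# Constructed log: one binary mailed every two hours for a day and a half,
# i.e. a classic single-variant mass mailer with the same total volume.
CLASSIC = [(hour, "classic-worm") for hour in range(0, 36, 2)]

if __name__ == "__main__":
    for name, log in (("storm-like", STORM_LIKE), ("classic", CLASSIC)):
        print(name, variant_stats(log))
        for lag in (1, 4, 24):
            pct = signature_coverage(log, lag)
            print(f"  coverage with {lag:2d}h signature lag: {pct:.0%}")
```

Both logs contain the same 18 sightings, but a four-hour signature lag blocks 16 of 18 sightings of the classic mass mailer and none of the Storm-style campaign, because every Storm variant has already been retired before its signature exists. That is the argument for the generic, behaviour-based and network-level (fast-flux, spam source) detection the rest of this post is driving at.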

Numerous variants of the Storm worm are known, and it is listed in Mitre.org's Common Malware Enumeration under CME number CME-711 (dated 2007-01-20, the last entry on the list):

CME-711

More info here – malware – storm worm – 11 characteristics that make the difference

For these reasons, one could conclude that we are moving toward a malware classification scheme that must include a class or type of malware that we could call:

malware – computer immunodeficiency virus (CIV)

Next week we bring:

CyTRAP Labs forecast about malware – acquired cyber immunodeficiency syndrome – ACIDS the digital version of AIDS?
