– because the times demand a MODSPIL (counterplay)

05. Oct 2007

Storm - a Windows virus that cannot be beaten

One of the biggest threats to data security on Windows right now is "Storm", a virus that is spreading and multiplying at a pace not seen before.

Security expert Bruce Schneier writes:
Although it's most commonly called a worm, Storm is really more: a worm, a Trojan horse and a bot all rolled into one. It's also the most successful example we have of a new breed of worm, and I've seen estimates that between 1 million and 50 million computers have been infected worldwide.

Old style worms -- Sasser, Slammer, Nimda -- were written by hackers looking for fame. They spread as quickly as possible (Slammer infected 75,000 computers in 10 minutes) and garnered a lot of notice in the process. The onslaught made it easier for security experts to detect the attack, but required a quick response by antivirus companies, sysadmins and users hoping to contain it. Think of this type of worm as an infectious disease that shows immediate symptoms.

Worms like Storm are written by hackers looking for profit, and they're different. These worms spread more subtly, without making noise. Symptoms don't appear immediately, and an infected computer can sit dormant for a long time. If it were a disease, it would be more like syphilis, whose symptoms may be mild or disappear altogether, but which will eventually come back years later and eat your brain.

What can be done?

Schneier is a pessimist:
Storm has been around for almost a year, and the antivirus companies are pretty much powerless to do anything about it. Inoculating infected machines individually is simply not going to work, and I can't imagine forcing ISPs to quarantine infected hosts. A quarantine wouldn't work in any case: Storm's creators could easily design another worm -- and we know that users can't keep themselves from clicking on enticing attachments and links.

Redesigning the Microsoft Windows operating system would work, but that's ridiculous to even suggest. Creating a counterworm would make a great piece of fiction, but it's a really bad idea in real life. We simply don't know how to stop Storm, except to find the people controlling it and arrest them.

Unfortunately we have no idea who controls Storm, although there's some speculation that they're Russian. The programmers are obviously very skilled, and they're continuing to work on their creation.

Oddly enough, Storm isn't doing much, so far, except gathering strength. Aside from continuing to infect other Windows machines and attacking particular sites that are attacking it, Storm has only been implicated in some pump-and-dump stock scams. There are rumors that Storm is leased out to other criminal groups. Other than that, nothing.

If your computer is infected with Storm, it is part of a "botnet" that has been used, among other things, for criminal attacks against security firms such as disog.org, and this in practice means that they have complete control over the computer and full access to all unencrypted data.

The end of Windows?

If the antivirus companies do not manage to crack this nut, it may in any case end up driving all critical computing either away from Windows, or Windows away from the Internet - as Schneier suggests, Storm exploits holes in the fundamental design of Windows that are not found in UNIX variants such as Linux, FreeBSD and Mac OSX.

Which is one more thing to think about if you are asking yourself whether Linux might be something to bet on.