The Guardian - UK
Technology
Charles Arthur

The Storm worm: can you be certain your machine isn't infected?

In Sunday's Observer, John Naughton's regular column (it's in the Business section, if you're wondering) this week tackled the Storm worm:

It first appeared at the beginning of the year, hidden in email attachments with the subject line: '230 dead as storm batters Europe'. The PC of anyone who opened the attachment became infected and was secretly enrolled in an ever-growing network of compromised machines called a 'botnet'...


Storm has been spreading steadily since last January, gradually constructing a huge botnet. It affects only computers running Microsoft Windows, but that means that more than 90 per cent of the world's PCs are vulnerable. Nobody knows how big the Storm botnet has become, but reputable security professionals cite estimates of between one million and 50 million computers worldwide. To date, the botnet has been used only intermittently, which is disquieting: what it means is that someone, somewhere, is quietly building a doomsday machine that can be rented out to the highest bidder, or used for purposes that we cannot yet predict.


Key things about Storm: it's a peer-to-peer controlled system; infected machines only do things very occasionally, so the effect is hard to notice (unlike earlier viruses/worms, which were more like Ebola - you really knew your machine had been hit). And it may contain keyloggers watching what you're up to and where you go.

'If it were a disease,' says one expert, Bruce Schneier, 'it would be more like syphilis, whose symptoms may be mild or disappear altogether, but which will come back years later and eat your brain.'


For instance, it will send 1,800 spam emails in a five-minute period - and then stop. (Secureworks has some more detail about what it does inside your machine.) Another data point not mentioned in the article: there have been dozens, hundreds of variations of the worm. It keeps changing: you can't be certain that your antivirus program will detect it. (Judging by what I've been reading, at least.)
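The burst-then-silence pattern described above is invisible in daily averages but stands out in a sliding five-minute window. The sketch below is an added example, not part of the original article: the log format, addresses, date and the alert threshold of 500 are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # the burst length quoted in the article
THRESHOLD = 500                 # assumed alert level, tune per network

def parse(line):
    """Parse one constructed log line: '<iso-time> <src> <dst> <dport>'."""
    ts, src, _dst, dport = line.split()
    return datetime.fromisoformat(ts), src, int(dport)

def smtp_events(lines):
    """Time-ordered (timestamp, source) pairs for outbound port 25 only."""
    return sorted((ts, src) for ts, src, dport in map(parse, lines) if dport == 25)

def find_bursts(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {src: peak} for hosts whose SMTP connection count inside any
    sliding window reaches the threshold."""
    recent, peaks = defaultdict(deque), {}
    for ts, src in smtp_events(lines):
        q = recent[src]
        q.append(ts)
        while ts - q[0] >= window:      # drop events older than the window
            q.popleft()
        if len(q) >= threshold:
            peaks[src] = max(peaks.get(src, 0), len(q))
    return peaks

def daily_mean_per_window(lines, src, window=WINDOW):
    """Average connections per window over 24 hours: the view that hides a burst."""
    total = sum(1 for _, s in smtp_events(lines) if s == src)
    return total / (timedelta(days=1) / window)

def build_sample():
    """Constructed data: a mail relay sending once a minute all day, and a
    desktop that is silent except for 1,800 connections in five minutes."""
    day = datetime(2007, 10, 22)
    relay = [f"{(day + timedelta(minutes=m)).isoformat()} 10.0.0.5 192.0.2.10 25"
             for m in range(1440)]
    start = day + timedelta(hours=3, minutes=10)
    desktop = [f"{(start + WINDOW * i / 1800).isoformat()} 10.0.0.23 198.51.100.7 25"
               for i in range(1800)]
    return relay + desktop

if __name__ == "__main__":
    sample = build_sample()
    print(find_bursts(sample))
    for host in ("10.0.0.5", "10.0.0.23"):
        print(host, daily_mean_per_window(sample, host))
```

On this sample the two hosts look almost identical when averaged over the day, while the sliding window flags only the desktop.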

Time magazine calls it "the worm that roared", but actually it's not like that. It's the worm that's sitting there doing nothing very much, as far as we can tell. Schneier, in an article for Wired, says he's "worried about what Storm's creators are planning for Phase II."

There's an interesting post from Spamnation, back in April, which found someone who had not only applied the worm - disguised as a "patch" - to her machine, but then forwarded it:

It so happens that I know the person who did this. She is highly intelligent, an acknowledged leader in her field, with tremendous practical experience earned over many years of living in different cultures. She is unquestionably nobody's fool. Yet all it took was one little email marked "ATTN!" and she was ready to not only compromise her own machine but to do the virus-writer's work for him by forwarding the message on to her co-worker, advising them to do the same. You couldn't scam this woman in the real world, but on the Internet she's the easiest of marks. Something about technology seems to just switch off people's defences.


How do we solve this? As the man said when asked for directions, "I wouldn't try to go there from here." Solving Windows security issues always seems like that to me, I confess.
