
Storm Worm Dancing Past PC Defenses

David Utterm, Staff Writer 2007-02-01

Short lifetimes for the Storm Worm, and a multitude of variants, have combined to be part of the reason why fighting them has become difficult for security companies.

The Storm has been spreading over the Internet for weeks now. Emails hit inboxes with plausible Subject lines and innocent-looking attachments. The next thing that happens to an unwary user is a system infection, launched by the file attached to that spam.

Security firm CommTouch said in its Outlook Report that four reasons have contributed to the continued spread of Storm:

• High Distribution Intensity: Storm-Worm attacks repeatedly in intense, high-volume waves. This substantial quantity ensures a wide distribution of the malware across the Internet.

• Vast Variant Quantity: Storm distributes a vast number of malware variants, over 7000 distinct variants on several days of the outbreak, and over 40,000 altogether during the report period. Since each variant or group of variants requires a different signature, it is impossible for anti-virus engines to keep up with this rapid-fire pace.

• Brief Variant Lifetime: The fleeting lifetime of each variant is two to three hours on average, and each variant rarely makes a second appearance during the outbreak. Since it takes several hours to develop a new signature or heuristic, and up to several days to distribute to end-users, these short-lived variants are typically out of distribution by the time traditional anti-virus defenses are available.

• Low Variant Volume: Each variant is distributed in relatively small quantities or instances. Since an AV vendor must be aware of a malware sample in order to analyze it in its laboratory, distribution in low numbers often enables the malware to “fly below the radar” of the traditional anti-virus engines.
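The four traits above suggest looking at the shape of the outbreak rather than at any single file. The following is an added illustration, not code from CommTouch's report or from the article: it scans a constructed mail-gateway log of executable attachments for a burst of short-lived, low-volume hashes and measures how many of those deliveries would arrive before a per-variant signature exists. The log format, the thresholds, and the 6-hour signature lag are assumptions.

```python
from datetime import datetime, timedelta

def variant_stats(events):
    """Map attachment hash -> (first_seen, last_seen, delivery count)."""
    stats = {}
    for ts, digest in events:
        first, last, n = stats.get(digest, (ts, ts, 0))
        stats[digest] = (min(first, ts), max(last, ts), n + 1)
    return stats

def ephemeral_hashes(stats, max_lifetime=timedelta(hours=3), max_volume=5):
    """Hashes that are both short-lived and low-volume (the per-variant pattern)."""
    return {d for d, (first, last, n) in stats.items()
            if last - first <= max_lifetime and n <= max_volume}

def detect_wave(stats, window=timedelta(hours=6), min_variants=10):
    """Ephemeral hashes in the densest window, or an empty set if below min_variants."""
    firsts = sorted((stats[d][0], d) for d in ephemeral_hashes(stats))
    best, lo = [], 0
    for hi in range(len(firsts)):
        while firsts[hi][0] - firsts[lo][0] > window:
            lo += 1  # slide the window start forward
        if hi - lo + 1 > len(best):
            best = firsts[lo:hi + 1]
    return {d for _, d in best} if len(best) >= min_variants else set()

def missed_by_signature(events, stats, hashes, lag=timedelta(hours=6)):
    """Fraction of deliveries that arrive before first_seen + lag for their hash."""
    hits = [ts < stats[d][0] + lag for ts, d in events if d in hashes]
    return sum(hits) / len(hits) if hits else 0.0

def build_sample():
    """Constructed log of executable attachments: (timestamp, attachment hash)."""
    base = datetime(2007, 1, 20, 8, 0)
    events = []
    for v in range(12):  # 12 variants, 3 copies each, each alive for 80 minutes
        start = base + timedelta(minutes=20 * v)
        events += [(start + timedelta(minutes=40 * k), f"variant-{v:02d}") for k in range(3)]
    # One long-lived, widely seen file: 30 copies spread over about 44 hours
    events += [(base + timedelta(minutes=90 * k), "installer") for k in range(30)]
    return events

if __name__ == "__main__":
    events = build_sample()
    stats = variant_stats(events)
    wave = detect_wave(stats)
    print(len(wave), "variants in wave;",
          missed_by_signature(events, stats, wave), "of deliveries precede a signature")
```

On the constructed data every delivery of the twelve short-lived variants lands inside the assumed signature lag, while the burst itself is visible within hours of the first variant.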

With the RSA Conference coming up, we chatted with Marc Maiffret, CTO and chief hacking officer at eEye, about these topics. It’s a condition of being online that has to be addressed, and he believes that the newest edition of his company’s Blink will be suited to handle this.

OSA Editorial Comments:

This goes back to my main issue, that we are not punishing Cyber Criminals, and until we start to say: “enough is enough” or scream out from the rooftops that “We’re not going to Take IT Anymore!!”

We as an Internet family have to band together and force politicians, the Federal Government, and International leaders to make changes in how we treat Cyber Criminals.

If we don’t start NOW! Then nothing is ever going to change and it’s only going to get worse, with each new threat our becomes something we can’t protect anymore and then we truly are all Victims!


Your Online Security Authority
Bill Wardell
