Tuesday, January 23, 2007

"Storm Worm" Trojan Claims Many Victims

On Friday I posted a warning about the "Storm Worm" Trojan attack. I hope all of my readers heeded the warning and avoided any infected emails they may have received. But apparently many others were tricked into allowing the trojan to infect their home PCs. According to c|net:
F-Secure said that hundreds of thousands of home computers could have been affected across the globe.

Once a user downloads the executable file, the code opens a backdoor in the machine which allows it to be remotely controlled, while installing a rootkit that hides the malicious program. The compromised machine becomes a zombie in a network called a botnet. Most botnets are currently controlled through a central server, which--if found--can be taken down to destroy the botnet. However, this particular Trojan horse seeds a botnet that acts in a similar way to a peer-to-peer network, with no centralized control.

Each compromised machine connects to a list of a subset of the entire botnet--around 30 to 35 other compromised machines, which act as hosts. While each of the infected hosts shares lists of other infected hosts, no one machine has a full list of the entire botnet--each has only a subset, making it difficult to gauge the true extent of the zombie network.

Be careful, people. Don't be assimilated. Resistance is NOT futile.