Peaches Posted January 14, 2009 Report Share Posted January 14, 2009 Storm worm smackdown as researchers unpick control systemBut legal fears may kibosh clean-upBy John Leyden A team of security researchers have developed a technique for automatically purging the remnants of the Storm worm infection from the internet. But the approach - which involves turning the botnet's command and control system against itself - could run foul of computer hacking laws in Germany and elsewhere, which ban the modification of computer systems without consent.Nonetheless, the work of the team from Bonn University and RWTH Aachen University have advanced knowledge about how botnets (networks of compromised zombie PCs) are established and maintained that could advance the development of more acceptable tracking and take-down techniques.The analysis of the infamous Storm worm botnet by Georg Wicherski, Tillmann Werner, Felix Leder, and Mark Schlösser established that the network of compromised machines established by the Storm worm is far less resilient than previously suspected, Heise Security reports.PCs compromised by Trojan agents associated with the Storm worm turned compromised machines into zombie drones under the control of hackers. These hackers (or bot-herders) issue commands to compromised machines through control servers. If connection with a control server can't be established, then zombie clients use P2P techniques to locate other control servers. Agents spreading the Storm worm first appeared two years ago, posing as information on the storms ravaging Europe at the time. In the months that followed, infectious agents adopted a variety of guises, such as greetings cards.Microsoft's Malicious Software Removal Tool made big inroads into cleaning up infected systems. The steady stream of new email baits designed to recruit fresh marks into the Storm Worm botnet has dried up of late, another factor that means the number of clients in the Storm Worm networks has shrunk to a fraction of its previous high.More detail here:http://www.theregister.co.uk/2009/01/13/storm_worm_unpicked/ Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.