Bruce Schneier, in the recent edition of Crypto-Gram, gives a fascinating and scary insight into the Storm worm (aka Nuwar, Zhelatin, etc.).
The key point is that Storm is much more than a nuisance — it is also a mechanism to distribute botnet software to deliver spam and is written by skilled hackers seeking profit.
Key features of Storm:
- While most servers do spam delivery work, a number operate in command-and-control mode. This works as a peer-to-peer network, with no central node to take out. This makes it much harder to destroy than older botnets.
- The command-and-control servers hide by using address-changing techniques.
- Storm’s delivery mechanisms and email mechanisms morph, making it harder to track, and hitting different sets of users.
- As well as delivering spam, the Storm botnets are also being used to generate denial-of-service attacks on those trying to track it down.
- It works slowly and does not consume enough resources to be noticed. This makes it much, much harder to detect than more traditional aggressive worms that are highly visible.
The money quote from Schneier:
"If it were a disease, it would be more like syphilis, whose symptoms may be mild or disappear altogether, but which will eventually come back years later and eat your brain."
This is scary stuff, and unfortunately we are going to see more of it.
Some more detailed analysis at: