Storm worm unstoppable...

General Topics
1

Hi malware fighters,

It is extremely diificult to stop new evolving malware like stornworm, it works like an insect colony, maybe the only way is a new outlay of Windows or arresting those responsable for it:
http://www.schneier.com/crypto-gram-0710.html

polonus

2

This is a lovely peace of trash. From what I read, the only cure is to
format your system and start all over again. (Makes for a nice song title)

3

There must be another solution… we can’t wait until they arrest them…
Any suggestions? And from Alwil virus analysts?

4

Bob, the problem isn’t format your system. I can format my system without problems. But how can i know i am infected??

5

The problem is not so much with the storm worm but user education, don’t open attachments or click links in unsolicited emails.

As the Labour spit Government had as their slogan education, education, education, exercise good common sense even if the email comes from a friend or even yourself (a trick to combat spam filters, etc. as your email address is usually white listed), from addresses can easily be faked, so check, check, check and don’t take anything at face value.

This would seem to be a much less painful approach, prevention rather than cure, e.g. a format, which is way over the top as a suggested cure in any case.

6

Does it spread only by email attachment?

7

From what I read, also P2P. You know, “click on this link for…”

Curiousity killed the cat.

edited to add…I can’t remeber where I read that…

8

What Curiosity killed the cat ;D ;D

9

So, a downloaded file will do it… the problem is not only curiosity but any downloadable file… Better is having another solution for this mess… I mean, a better antivirus solution.

10

See my sig ;D

11

I’ve never noticed that before (in your sig), but I believe your are right!

12

i posted sometime ago nice analysis of the network http://forum.avast.com/index.php?topic=30445.0

anyway looks like Storm slowly moving to next phase

They now use a 40-byte key to encrypt their Overnet P2P traffic. This means that each node will only be able to communicate with nodes that use the same key. This effectively allows the Storm author to segment the Storm botnet into smaller networks.

http://www.secureworks.com/research/blog/index.php/2007/10/15/the-changing-storm/

Spock would say “Fascinating…” ;D

13

Is Avast capable of detecting it or is it polymorphic or something?

14

Storm is polymorphic and got many concurent branches and it’s under active development (new features added all the time) …

and it’s very hard to track even if infection happens (hiding as best rootkits, mask itself into normal traffic, encrypted traffic, no system work interuptions etc)

15

Again, is it the only solution the formating?

16

But again, i can format easily,but, how can i know i am infected? :-\ ??? :o

17

Avast detects quite a lot of Sorm bu vairiant but no one knows if its missing some ???
You can check on the VPS Update list on the website, the actual “Avast” name for Storm is Zhelatin.

Al968