Storm Botnet News

by Andy on January 19th, 2009 in Comment.

In case you missed this bit of security news last week, according to Heise Security ...

"A team of researchers from Bonn University and RWTH Aachen University have analysed the notorious Storm Worm botnet, and concluded it certainly isn't as invulnerable as it once seemed."

Traversing the Storm botnet without being detected has proven complex for analysts: discovery usually leads to a DDoS attack on the researcher. That these researchers carried out such research covertly, and claim that the botnet can be rapidly taken down, is highly significant in terms of the resultant reduction in spam levels and in the ability to carry out DDoS attacks.

Microsoft's attempts to disrupt the botnet with the Malicious Software Removal Tool, while not definitive, are proving successful. Malware analysts and observers far and wide welcome the news that these researchers have gone one step further by announcing it is theoretically possible to fatally damage the Storm botnet with a single strike.

But the researchers have noted that there are legal concerns involved in the solution. It's ironic that a single strike that has the potential to take the Storm botnet down from the inside is punishable under German law (and the same may be true in other parts of the world as well). The Storm botnet is so significant that most people would agree that, when it comes to permanently disrupting it, the end justifies the means. This particular situation gives rise to an ethical dilemma but, ultimately, using illegal methods is not acceptable, however frustrating it may be. Still, even if the researchers are not able to deploy this solution, the data gathered from this research will take us a significant step towards combating and defeating Storm.