Jan 23, 2007

No, Your Cousin Pookie Isn't Sending You His Weather Forecast

Hundreds of thousands of home computers have been hit by the "Storm Worm," a piece of malicious little code that's been spreading like restless legs syndrome (yes it's contagious) because apparently computer users will open e-mail attachments if they feel it will give them some good information about a recent bout of severe storms in Europe. Here's CNet giving us the big picture on what's going on:

Once a user downloads the executable file, the code opens a backdoor in the machine which allows it to be remotely controlled, while installing a rootkit that hides the malicious program. The compromised machine becomes a zombie in a network called a botnet. Most botnets are currently controlled through a central server, which--if found--can be taken down to destroy the botnet. However, this particular Trojan horse seeds a botnet that acts in a similar way to a peer-to-peer network, with no centralized control.
Each compromised machine connects to a list of a subset of the entire botnet--around 30 to 35 other compromised machines, which act as hosts. While each of the infected hosts shares lists of other infected hosts, no one machine has a full list of the entire botnet--each has only a subset, making it difficult to gauge the true extent of the zombie network.

As complicated as all that sounds (botnets and rootkits do sound like some type of killer robot), the truth is that this whole situation is easily preventable. Short of entirely shutting off e-mail (you might as well kill us!), all it takes is a little vigilance. Stop opening e-mail attachments.
Even if the sender is someone you know, their e-mail client could be compromised. Simply never ever open an attachment that you aren't 100% expecting to receive. If an e-mail seems out of the ordinary, delete the message completely or ask the sender what it is. I know this sounds obvious, but when hundreds of thousands of computers are being turned into spam-spewing zombies, you have to wonder what people are thinking when they fire up the ole' e-mail box.
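For anyone who would rather have the mail gateway do the vigilance, here is a small screening check, added as an illustration and not part of the original post or the CNet report. It flags attachments that are Windows executables by content or by extension; the extension list, file names and sample messages are constructed assumptions.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows runs on double-click (assumed, non-exhaustive list).
RISKY_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}

def risky_attachments(raw):
    """Return [(filename, reason)] for every MIME part that looks executable."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers hold no payload of their own
        name = part.get_filename()
        data = part.get_payload(decode=True) or b""
        # Windows ignores trailing dots and spaces, so strip them first.
        ext = os.path.splitext(name.rstrip(" .").lower())[1] if name else ""
        if part.get_content_maintype() != "text" and data[:2] == b"MZ":
            # Content check catches executables renamed to look harmless.
            findings.append((name or "(unnamed)", "MZ header"))
        elif ext in RISKY_EXT:
            findings.append((name, "extension " + ext))
    return findings

def build_sample(filename, data):
    """Build a constructed test message carrying one attachment."""
    m = EmailMessage()
    m["From"] = "pookie@example.com"
    m["To"] = "you@example.com"
    m["Subject"] = "Storm update"
    m.set_content("Forecast attached.")
    m.add_attachment(data, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    samples = [  # constructed inputs, not real malware
        ("weather_report.exe", b"MZ\x90\x00" + b"\x00" * 16),
        ("forecast.jpg", b"MZ\x90\x00"),      # executable posing as an image
        ("notes.txt.scr", b"hello"),          # double extension
        ("report.pdf", b"%PDF-1.4\n"),
    ]
    for fn, data in samples:
        print(fn, "->", risky_attachments(build_sample(fn, data)) or "ok")
```

A check like this only covers attachments sent as-is; executables inside archives need the archive unpacked before the same test applies.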
