This is one to watch. And didn’t I warn you? The “Storm Worm” (as dubbed by F-Secure), which started in Europe during the onslaught of a real storm, has spread all over the world, affecting more home computers than business computers due to the fact that most businesses block attachments to emails (see “‘Storm Worm’ Trojan horse surges on” by Tom Espiner, Special to CNET News.com). People who open the attachment then unknowingly become part of a botnet. A botnet serves as an army of commandeered computers, which are later used by attackers without their owners’ knowledge.
The attachment is an executable file that opens a backdoor in a Windows XP PC and installs a rootkit (not unlike the infamous Sony rootkit) that hides the malicious code. The compromised PC becomes a zombie in a network called a botnet. While many botnets are centrally controlled and can be brought down by destroying the central server, the Storm Worm botnet acts like a peer-to-peer network with no central control.
According to the CNET News.com report, antivirus vendor Sophos called Storm Worm the “first big attack of 2007,” with code being spammed out from hundreds of countries.
Is Microsoft mobilizing its forces to stop these botnets? Not really. In the reality distortion field created by Microsoft that covers most of the planet, everyone should be merrily switching to Vista. So Microsoft is moving quickly to capture the antivirus share of the global Vista market with OneCare.
Think you can give your Windows XP PC shelter from this storm? Good luck with that.