IT people, places and things that matter

Storm Worm: Malware at its worst

What's insidious, organized and retaliatory? The future of malware.

In the early days of 2007 a network attack began infecting computers using news of a deadly storm to lure victims into opening an e-mail with the subject line "230 dead as storm batters Europe" and a Trojan payload. Nearly a year later, the so-called Storm Worm and its variants have used the infected computers to create a massive botnet. Some say the botnet could be between 1 million and 50 million strong -- and available for lease to those looking to launch spam, distributed denial-of-service (DoS) attacks or other cybercrimes.

While it has been around for nearly a year, antivirus vendors and crime fighters haven't been able to quell the Storm. What makes it so hard to take down is its constitution. The Storm Worm has a distributed structure, so there's no central control point that could take out the network, and it continually changes the way the code is written and distributed. It's also aggressive, striking back at those who seek to destroy it. According to security pros, Storm Worm can figure out which users are trying to probe its command-and-control servers and it retaliates by launching distributed DoS attacks against them.

Security guru Bruce Schneier recently blogged about what Storm Worm's architects might have planned now that they've amassed such strength: "Storm is being partitioned, presumably so parts can be sold off. If that's true, we should expect more malicious activity out of Storm in the future; anyone buying a botnet will want to use it."

IPhone mania

You may not want one, or want to support as a corporate device, but you can't deny the buzz that is the iPhone. It hasn't let up since Apple announced the long-awaited device at Macworld 2007 in January. Early reviews lamented the iPhone's lack of features such as multimedia messaging and 3G compatibility, but that didn't stop buyers. Nor did Apple's deal with AT&T stop hackers from immediately racing to unlock iPhones so they could be used on other carriers' networks and run unauthorized applications.

Among the Network World crowd, the iPhone also created a mystery that had readers buzzing about what might have caused a few iPhones to wreak havoc on the Duke University wireless LAN. The problem at Duke wound up being a Cisco issue, not an iPhone one. But that's not to say enterprise IT teams should stop worrying about iPhones on their corporate networks. Just last month analyst firm Gartner warned that the iPhone doesn't meet enterprise security policy requirements. No doubt it's not the last we'll hear about iPhone's enterprise mettle. (See story on why the iPhone matters.)

TJX data debacle

It's exactly the kind of notoriety a company doesn't want. Bad news on top of bad news fueled yearlong interest in the TJX data heist, which is thought to be the largest breach of consumer data on record.

TJX Companies first reported in January that intruders gained access to its systems, and throughout the year it amended the number of accounts exposed and when the intrusions took place. Most recently, court filings in a case brought by banks against TJX stated the number of accounts affected by the thefts topped 94 million.

The retailer's financial toll continues to climb as well. In November, TJX hiked its estimate of pre-tax charges for the data breach to US$216 million, up from the US$168 million it projected in August.

For the IT set, the data heist and its continuing fallout were a yearlong, not-so-subtle reminder of how precious data security is.