As if we don’t have enough spam, viruses, phishing attacks, and other forms of network-mediated malware assailing us, now we have Storm. Storm is a kind of compound malware, not so clever in and of itself, since it infects like so much other malware: a user gets suckered into clicking a link. What is especially insidious about it is that it enslaves vulnerable machines, like a regular bot does, but then rather than going on the attack, it tends to lie there for a time, waiting for instructions. And the instructions come not from a central command center, but over a distributed C2 (Command and Control) pathway from a smaller group of command systems. In effect, the bot-herder can jack into the botnet at many points and from anywhere, making it exceptionally difficult to intercept and contain. The bot software is also reputed to self-modify when installed, so that it can further hide itself from anti-virus cleaners.
Probably the best and most readable technical overview of the Storm worm is here in Bruce Schneier’s blog.
Several pundits are predicting nothing short of the end of the world over this thing, and I grant that it’s going to be a bear to deal with, but I’m quite confident that it will be dealt with successfully. OK, so the Storm developers are very clever, but the good guys aren’t dunces, either. No, it’s much more likely to become part of the Internet background noise, just more gunk we have to filter out.
I mean, right now in my current work environment, only 3% – 5% of the emails we get in a given day are actual valid communications to someone here, the rest are spam or worse (this is by my actual count). We just filter them out, some get through, we individually delete them, and we go back to work. It’s a large problem, but it’s more of a nuisance than a threat to the business. And we all just keep emailing.
Of course, it might be placed in the hands of any of the various political terrorists around the world that are continually assailing us, and they have very little to lose if the Internet itself is rendered unusable. This I do worry about, but it still seems unlikely.
The more important issues revolve around what we might have to do to harden our defenses, and what this will lead to in terms of a “revised” Internet. We currently enjoy the Internet as an extremely free and borderless ecosystem, where data races back and forth with few restrictions, and people dream up and implement new services — and new kinds of services — that no one could have dreamed of a few years ago. Harden all this down too much, and suddenly everything turns into molasses. Not good!
So suppose something very bad happens. Will we have to license servers or individual PCs? Will there be qualifications to connect to the Internet? Will sysadmins need to be licensed? What about our ability to publish or participate in discussions anonymously?
I’ll address these and other related issues in a future post. But I encourage you to think about it now, because if the Internet takes a big hit from criminal or terrorist elements, the legislature won’t be far behind, and we all know what kind of technicians the lawyers are.