September 22, 2007

Storm Botnet brouhaha

Back in January of this year a rather insidious computer virus began to make its way into a startlingly large number of computers around the globe. Called Storm Worm, the virus is a backdoor trojan that affects Windows operating systems. At its height the virus accounted for 8% of all infections globally; over 1.2 billion virus messages have been sent including a record 57 million on August 22 alone.

What makes this particular virus unique is its ability to link a massive number of computers together. The worm drops an agent into the operating system or software application for the purpose of performing specific tasks, such as gathering data on the user, attacking web sites, or forwarding infected e-mail. A computer that has been co-opted in this way is called a bot.

Massively distributed computation

In the case of Storm Worm, the bots work together across the internet to create a kind of massively distributed computer. It’s been estimated that as many as 1,000,000 to 50,000,000 computers comprise the Storm Worm botnet. Consequently, it has the potential to execute more instructions per second than some of the world’s top supercomputers.

According to Matt Sergeant, chief anti-spam technologist at MessageLabs, "In terms of power, [the botnet] utterly blows the supercomputers away. If you add up all 500 of the top supercomputers, it blows them all away with just 2 million of its machines. It's very frightening that criminals have access to that much computing power, but there's not much we can do about it."

The issue of security

Equally disturbing is the Worm’s ability to override operating system security; the botnet is not driven exclusively by the OS, nor can it be completely shunned out by security schemes. Even Mac OS X and Linux systems have been comprised, not because of OS security holes, but because the virus has exploited third party applications running on these machines. This could prove particularly problematic in the future as more and more applications migrate to the Web.

This said, I strongly suspect that the swiss cheese that is Windows is the primary culprit in allowing this botnet to achieve the strength that it has. Unlike Mac and especially Linux, Microsoft has always neglected security in favour of usability. This philosophy is now coming back to haunt them in the most ominous of ways.

Looking ahead

The damage inflicted by the botnet has been fairly limited. It spreads spam, makes DDos attacks, and deprives users of computing power. More seriously, however, the botnets can also break passwords. Given a highly organized and large scale operation, there’s also the possibility of severe security breaches, monetary theft and crippling internet attacks. It looks like organized crime could claim a huge chunk of the internet.

But it doesn’t necessarily have to be this way. Security will go a long way in preventing these highly distributed attacks and the ongoing proliferation of viruses. Microsoft, quite simply, has got to get its act together on security. Hopefully it won’t take some kind of internet catastrophe to instigate this sort of commitment. Should such a calamity happen, however, governments and security agencies would likely move fast and enforce higher standards for operating system security.

As for non-OS specific security breaches, software developers have to be cognizant of the fact that their apps are highly exploitable. Like operating systems, they also need to have tighter security and layers of redundant protection. Patches must flow regularly.

Firewalls and anti-virus applications have to become more intelligent as well. Efforts should be directed to develop high-tech security systems that can better identify malign applications through the use of artificial general intelligence and expert systems.

Only you can prevent forest fires, er, I mean botnets

More conceptually, users are also to blame for these sorts of epidemics. Social engineering will most assuredly continue to be a problem, but it can be curtailed by alert users who can recognize legitimate information from deception.

So, until more meaningful security measures are put into place, be careful of what you click.

No comments: